|
131
|
- |
|
-
|
-
|
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-34022
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
- |
|
-
|
-
|
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker…
New
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-34021
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects MasterStudy LMS Pro: from n/a before 4.7…
New
|
CWE-862
Missing Authorization
|
CVE-2025-64215
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' param…
New
|
CWE-89
SQL Injection
|
CVE-2019-25746
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php e…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25437
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-p…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-25436
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site …
New
|
CWE-79
Cross-site Scripting
|
CVE-2016-20084
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
5.3 |
MEDIUM
Network
|
-
|
-
|
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft mali…
New
|
CWE-352
Origin Validation Error
|
CVE-2016-20083
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET req…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20082
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attacke…
New
|
CWE-22
Path Traversal
|
CVE-2016-20081
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
