|
151
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2016-20070
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in…
New
|
CWE-89
SQL Injection
|
CVE-2016-20069
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicio…
New
|
CWE-89
SQL Injection
|
CVE-2016-20068
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML…
New
|
CWE-352
Origin Validation Error
|
CVE-2016-20067
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload…
New
|
CWE-79
Cross-site Scripting
|
CVE-2016-20066
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
6.5 |
MEDIUM
Network
|
microsoft
|
visual_studio_code
|
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
Update
|
CWE-23
Relative Path Traversal
|
CVE-2026-47287
|
2026-06-15 23:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
6.5 |
MEDIUM
Network
|
microsoft
|
visual_studio_code
|
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-47284
|
2026-06-15 23:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
9.6 |
CRITICAL
Network
|
microsoft
|
visual_studio_code
|
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-306
CWE-798
CWE-862
Missing Authentication for Critical Function
Use of Hard-coded Credentials
Missing Authorization
|
CVE-2026-47281
|
2026-06-15 23:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
4.3 |
MEDIUM
Network
|
microsoft
|
bing
|
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-45650
|
2026-06-15 23:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
5.7 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-20257
|
2026-06-15 23:05 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
