|
2451
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi…
|
CWE-617
Reachable Assertion
|
CVE-2026-8843
|
2026-05-19 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2452
|
9.1 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi…
|
CWE-20
CWE-400
CWE-626
Improper Input Validation
Uncontrolled Resource Consumption
Null Byte Interaction Error (Poison Null Byte)
|
CVE-2026-42579
|
2026-05-19 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2453
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2021-47959
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2454
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-47965
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2455
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37233
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2456
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37235
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2457
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f…
|
CWE-22
Path Traversal
|
CVE-2021-47977
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2458
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers …
|
CWE-22
Path Traversal
|
CVE-2021-47979
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2459
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2018-25324
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2460
|
7.5 |
HIGH
Network
|
-
|
-
|
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame…
|
CWE-22
Path Traversal
|
CVE-2018-25326
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
