|
1031
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6504
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized t…
|
CWE-862
Missing Authorization
|
CVE-2026-6512
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
7.5 |
HIGH
Network
|
-
|
-
|
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6514
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
7.5 |
HIGH
Network
|
-
|
-
|
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the …
|
CWE-862
Missing Authorization
|
CVE-2026-4029
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
8.1 |
HIGH
Network
|
-
|
-
|
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not proper…
|
CWE-862
Missing Authorization
|
CVE-2026-4030
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
7.5 |
HIGH
Network
|
-
|
-
|
The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db…
|
CWE-862
Missing Authorization
|
CVE-2026-4031
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
6.5 |
MEDIUM
Network
|
warpgate_project
|
warpgate
|
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in…
|
CWE-352
Origin Validation Error
|
CVE-2026-44347
|
2026-05-14 23:27 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
8.1 |
HIGH
Network
|
microsoft
|
azure_monitor_action_group_notification_system
|
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41105
|
2026-05-14 23:27 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
6.5 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-42891
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
|
CWE-74
Injection
|
CVE-2026-42838
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
