|
1681
|
8.8 |
HIGH
Network
|
-
|
-
|
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (…
|
CWE-862
Missing Authorization
|
CVE-2026-7761
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|
|
1682
|
8.8 |
HIGH
Network
|
-
|
-
|
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to …
|
CWE-94
Code Injection
|
CVE-2026-12242
|
2026-06-25 22:26 |
2026-06-24 |
|
|
|
|
1683
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all ver…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10833
|
2026-06-25 22:26 |
2026-06-25 |
|
|
|
|
1684
|
7.5 |
HIGH
Network
|
-
|
-
|
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping…
|
CWE-89
SQL Injection
|
CVE-2026-12077
|
2026-06-25 22:26 |
2026-06-25 |
|
|
|
|
1685
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staff_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the u…
|
CWE-89
SQL Injection
|
CVE-2026-2508
|
2026-06-25 22:26 |
2026-06-25 |
|
|
|
|
1686
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gat…
|
CWE-639, CWE-863
Authorization Bypass Through User-Controlled Key; Incorrect Authorization
|
CVE-2026-54324
|
2026-06-25 22:16 |
2026-06-24 |
|
|
|
|
1687
|
7.0 |
HIGH
Network
|
-
|
-
|
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private coul…
|
CWE-613, CWE-863
Insufficient Session Expiration; Incorrect Authorization
|
CVE-2026-54321
|
2026-06-25 22:16 |
2026-06-24 |
|
|
|
|
1688
|
4.2 |
MEDIUM
Network
|
-
|
-
|
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, …
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-52846
|
2026-06-25 22:16 |
2026-06-24 |
|
|
|
|
1689
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
A logic flaw in __smc_setsockopt() allows a local unprivil…
|
-
|
CVE-2026-53274
|
2026-06-25 18:16 |
2026-06-25 |
|
|
|
|
1690
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix use-after-free on sbi->sync_decompress
z_erofs_decompress_kickoff() can race with filesystem unmount, causing
a use-af…
|
-
|
CVE-2026-53272
|
2026-06-25 18:16 |
2026-06-25 |
|
|
|