|
231
|
7.5 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin cha…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-8176
|
2026-06-17 00:22 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
8.1 |
HIGH
Network
|
-
|
-
|
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and …
New
|
CWE-22
Path Traversal
|
CVE-2026-8442
|
2026-06-17 00:22 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
7.5 |
HIGH
Network
|
dalibo
|
postgresql_anonymizer
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuse…
Update
|
CWE-89
SQL Injection
|
CVE-2026-11945
|
2026-06-17 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unr…
New
|
CWE-345
CWE-384
Insufficient Verification of Data Authenticity
Session Fixation
|
CVE-2026-53900
|
2026-06-17 00:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request.
New
|
CWE-22
Path Traversal
|
CVE-2026-50869
|
2026-06-17 00:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
4.8 |
MEDIUM
Network
|
apache
|
cxf
|
An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/servi…
Update
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-50623
|
2026-06-17 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks…
New
|
CWE-862
Missing Authorization
|
CVE-2026-38329
|
2026-06-17 00:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
9.1 |
CRITICAL
Network
|
-
|
-
|
remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
New
|
CWE-123
Write-what-where Condition
|
CVE-2026-30121
|
2026-06-17 00:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
9.8 |
CRITICAL
Network
|
-
|
-
|
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
New
|
CWE-94
Code Injection
|
CVE-2026-30120
|
2026-06-17 00:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
9.8 |
CRITICAL
Network
|
splunk
|
splunk
|
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulne…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-20253
|
2026-06-17 00:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
