|
4371
|
8.8 |
HIGH
Network
|
-
|
-
|
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-8365
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4372
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8599
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4373
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8677
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4374
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi…
|
CWE-862
Missing Authorization
|
CVE-2026-4058
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4375
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"
This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to …
|
-
|
CVE-2026-46318
|
2026-06-9 22:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4376
|
8.0 |
HIGH
Network
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41723
|
2026-06-9 22:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4377
|
8.0 |
HIGH
Network
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41722
|
2026-06-9 22:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4378
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via…
|
CWE-284
Improper Access Control
|
CVE-2026-11190
|
2026-06-9 21:51 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4379
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti…
|
CWE-20
Improper Input Validation
|
CVE-2026-11189
|
2026-06-9 21:51 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4380
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11191
|
2026-06-9 21:50 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
