|
201
|
3.1 |
LOW
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3553
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
- |
|
-
|
-
|
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potent…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4764
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
5.4 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6269
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-53736
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53737
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
8.1 |
HIGH
Network
|
-
|
-
|
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite p…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-53738
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authe…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-53739
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to exec…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53740
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53741
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53742
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
