|
571
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6810
|
2026-04-24 23:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/ad…
New
|
CWE-862
Missing Authorization
|
CVE-2025-11762
|
2026-04-24 23:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() …
New
|
CWE-352
Origin Validation Error
|
CVE-2026-3565
|
2026-04-24 23:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_re…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3569
|
2026-04-24 23:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4078
|
2026-04-24 23:38 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
6.5 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affec…
Update
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-40306
|
2026-04-24 23:29 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
4.7 |
MEDIUM
Network
|
oracle
|
applications_framework
|
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulner…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34298
|
2026-04-24 23:29 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
6.5 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_fin_maintenance_management
|
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploita…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34299
|
2026-04-24 23:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
6.5 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_fin_maintenance_management
|
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploita…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34301
|
2026-04-24 23:28 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
5.5 |
MEDIUM
Network
|
oracle
|
workflow
|
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34302
|
2026-04-24 23:27 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
