|
1241
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-56057
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1242
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2026-56045
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1243
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2026-56044
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1244
|
8.8 |
HIGH
Network
|
-
|
-
|
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
|
CWE-862
Missing Authorization
|
CVE-2026-56038
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1245
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
|
CWE-89
SQL Injection
|
CVE-2026-56036
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1246
|
8.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-56031
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1247
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-56030
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1248
|
7.5 |
HIGH
Network
|
-
|
-
|
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
|
CWE-862
Missing Authorization
|
CVE-2026-56025
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1249
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2026-56011
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1250
|
7.5 |
HIGH
Network
|
-
|
-
|
Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is)…
|
CWE-22
Path Traversal
|
CVE-2026-55677
|
2026-06-27 03:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|