|
801
|
8.2 |
HIGH
Network
|
-
|
-
|
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid p…
New
|
CWE-89
SQL Injection
|
CVE-2016-20072
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
8.2 |
HIGH
Network
|
-
|
-
|
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicio…
New
|
CWE-89
SQL Injection
|
CVE-2016-20071
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2016-20070
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in…
New
|
CWE-89
SQL Injection
|
CVE-2016-20069
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicio…
New
|
CWE-89
SQL Injection
|
CVE-2016-20068
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML…
New
|
CWE-352
Origin Validation Error
|
CVE-2016-20067
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload…
New
|
CWE-79
Cross-site Scripting
|
CVE-2016-20066
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
6.5 |
MEDIUM
Network
|
microsoft
|
visual_studio_code
|
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
Update
|
CWE-23
Relative Path Traversal
|
CVE-2026-47287
|
2026-06-15 23:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
6.5 |
MEDIUM
Network
|
microsoft
|
visual_studio_code
|
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-47284
|
2026-06-15 23:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
9.6 |
CRITICAL
Network
|
microsoft
|
visual_studio_code
|
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-306
CWE-798
CWE-862
Missing Authentication for Critical Function
Use of Hard-coded Credentials
Missing Authorization
|
CVE-2026-47281
|
2026-06-15 23:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
