|
3491
|
8.1 |
HIGH
Network
|
-
|
-
|
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handle…
|
CWE-352
Origin Validation Error
|
CVE-2026-6075
|
2026-05-29 22:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3492
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Althou…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-9189
|
2026-05-29 22:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3493
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in al…
|
CWE-862
Missing Authorization
|
CVE-2025-12714
|
2026-05-29 22:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3494
|
4.3 |
MEDIUM
Network
|
apache
|
activemq_artemis
artemis
|
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40914
|
2026-05-29 21:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3495
|
6.8 |
MEDIUM
Local
|
-
|
-
|
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV fil…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-9673
|
2026-05-29 11:47 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3496
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19…
|
-
|
CVE-2026-34311
|
2026-05-29 11:47 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3497
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS b…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-10028
|
2026-05-29 11:47 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3498
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-47326
|
2026-05-29 11:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3499
|
3.3 |
LOW
Local
|
-
|
-
|
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-47327
|
2026-05-29 11:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3500
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug…
|
CWE-590
Free of Memory not on the Heap
|
CVE-2026-47328
|
2026-05-29 11:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
