CVE-2026-12225
— syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass t…
Remote
|
Authentication
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40750
— WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server.
This issue affects Kids Online Store: from n/a through 0.…
Remote
|
Misconfiguration
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and a…
|
Memory Corruption
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-10829
— Moxa NPort Stack-Based Buffer Overflow Remote Code Execution
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplie…
Remote
|
Memory Corruption
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-8442
— WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via …
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and …
Remote
|
Path Traversal
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-8176
— LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDO…
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin cha…
Remote
|
Authentication
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resultin…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54198
— WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) v…
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54197
— WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Remote
|
Information Disclosure
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54191
— WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Remote
|
Cross-Site Scripting
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54190
— WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52715
— WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52714
— WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerabil…
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52712
— WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52711
— WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49774
— WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion.
This issue affects RD Station: from n/a through 5.6.0.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49772
— WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection.
This issue affects The Ev…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40809
— WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.4.1.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39581
— WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vuln…
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39574
— WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
