CVE-2026-48518
— MultiJuicer: Login CSRF allows attacker to force victims into their team
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-ju…
Remote
|
Cross-Site Request Forgery
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48124
— Cursor Desktop sandbox escape via Claude hook configuration
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without ded…
|
Misconfiguration
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-47825
— Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.
Af…
Remote
|
Misconfiguration
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-47261
— Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access c…
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45441
— WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45439
— WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45437
— WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS…
Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42775
— WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42752
— WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42743
— WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42688
— WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerabili…
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42687
— WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42686
— WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42668
— WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentic…
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42667
— WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42666
— WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42665
— WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42664
— WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - B…
Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42663
— WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42662
— WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
