CVE-2026-48723
— BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary cod…
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file…
|
Injection
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-48599
— Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting val…
grpc
|
Remote
|
Authorization
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-12205
— Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to p…
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever …
Remote
|
Cryptography
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
Potential security vulnerabilities have been identified in the HP One
Agent for certain HP PC products, which might allow
for escalation of privilege and/or denial of service. HP
is …
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-48714
— i18next-http-middleware missingKeyHandler does not reject keys whose segments contain pro…
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request…
Remote
|
Injection
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-48713
— i18next-fs-backend: Prototype pollution via crafted missing-key string
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler expos…
Remote
|
Misconfiguration
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to…
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-48017
— DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScri…
Remote
|
Injection
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-12087
— Socket versions before 2.041 for Perl have an out-of-bounds heap read
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests th…
Remote
|
Memory Corruption
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-11832
— Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
Remote
|
Cryptography
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-9691
— WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Fo…
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52703
— WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52702
— WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52700
— WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52699
— WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerabi…
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52697
— WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52695
— WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52694
— WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulner…
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52693
— WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52692
— WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
