CVE-2026-28575
— Android PackageInstaller Denial of Service via Memory Exhaustion
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the…
android
|
Remote
|
Memory Corruption
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27870
— CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaS…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27869
— WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris atta…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27868
— PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege inform…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27429
— WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27410
— WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerabi…
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27400
— WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27395
— WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27041
— WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upl…
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25470
— WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Cust…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25446
— WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25439
— WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24611
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24610
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24575
— WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22343
— WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22342
— WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to A…
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Remote
|
Cross-Site Request Forgery
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22340
— WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22339
— WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22338
— WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026