CVE-2026-39522
— WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39446
— WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39443
— WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39438
— WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39433
— WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34895
— WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34894
— WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34893
— WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34888
— WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32967
— Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to versi…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32966
— Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Da…
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recomme…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-2604
— Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent ur…
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory t…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-28615
— Telecomm Local Privilege Escalation via Permissions Bypass
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges neede…
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no addition…
android
|
Remote
|
Information Disclosure
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. Use…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-28575
— Android PackageInstaller Denial of Service via Memory Exhaustion
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the…
android
|
Remote
|
Memory Corruption
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27870
— CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaS…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27869
— WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris atta…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27868
— PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege inform…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27429
— WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026