CVE-2026-47277
— Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoin…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-45436
— WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-44587
— CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the content_type_denylist check fails to escape regex metacharacters in string entries, causin…
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
CVE-2026-42629
— WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerabil…
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-42385
— WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-42380
— WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-42357
— Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access wor…
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
This issue affects Apache DolphinScheduler ver…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-41557
— WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-41280
— Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system l…
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
This issue affects Apache DolphinScheduler versions prior to 3.4.2…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40783
— WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabil…
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40768
— WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (ID…
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40765
— WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40761
— WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40760
— WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40759
— WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40758
— WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40755
— WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40754
— WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40753
— WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40751
— WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026