CVE-2026-32966
— Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Da…
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recomme…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-2604
— Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent ur…
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory t…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-28615
— Telecomm Local Privilege Escalation via Permissions Bypass
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges neede…
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no addition…
android
|
Remote
|
Information Disclosure
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. Use…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-28575
— Android PackageInstaller Denial of Service via Memory Exhaustion
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the…
android
|
Remote
|
Memory Corruption
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27870
— CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaS…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27869
— WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris atta…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27868
— PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege inform…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27429
— WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27410
— WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerabi…
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27400
— WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27395
— WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27041
— WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upl…
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25470
— WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Cust…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25446
— WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25439
— WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24611
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24610
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24575
— WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026