CVE-2026-57333 — WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulner…
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-57332 — WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerabi…
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Jun 29, 2026
CVE-2026-57331 — WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerabi…
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Remote | Path Traversal
Jun 29, 2026
CVE-2026-57330 — WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-57329 — WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerab…
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-57328 — WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-57327 — WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
Remote | Authorization
Jun 29, 2026
CVE-2026-57326 — WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-57320 — WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Remote | Cross-Site Scripting
Jun 29, 2026
CVE-2026-13571 — SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lea…
Remote | Misconfiguration
Jun 29, 2026
The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation …
Remote | Authentication
Jun 29, 2026
CVE-2026-13676 — fast-uri vulnerable to host confusion via failed IDN canonicalization
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru…
Remote | Misconfiguration
Jun 29, 2026
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers wit…
Jun 29, 2026
CVE-2026-56457 — HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain…
Remote | Information Disclosure
Jun 29, 2026
CVE-2026-13570 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php c…
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Perform…
Remote | Cross-Site Scripting
Jun 29, 2026
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argumen…
Remote | Injection
Jun 29, 2026
CVE-2026-13568 — SourceCodester Inventory Management System User Registration Endpoint users_handler.php a…
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoin…
Remote | Authorization
Jun 29, 2026
CVE-2026-54371 — attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a…
Path Traversal
Jun 29, 2026
CVE-2026-54370 — acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symb…
Race Condition
Jun 29, 2026
CVE-2026-54369 — acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows l…
Path Traversal
Jun 29, 2026