Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse.
This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
Remote
|
Authentication
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-8079
— Unintended limited set of actions with elevated privileges may be performed during PDF ge…
In Progress Flowmon versions prior to 12.5.9 and 13.0.10, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in ope…
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-9272
— Possibility of unintended database operations when querying data related to detected anom…
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send s…
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-5524
— Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code…
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extensio…
Remote
|
Authentication
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS.
This issue affects WAF-ASP: from v1.0.324.90…
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS.
This issue affects Web A…
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-58653
— PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspac…
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-58652
— luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter
luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the trav…
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57766
— WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery…
Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.
wpide
|
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57765
— WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57764
— WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (X…
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57763
— WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57762
— WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57761
— WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57760
— WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Sendcloud Shipping: from n/a through 1…
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57759
— WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57758
— WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulner…
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57757
— WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabil…
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57756
— WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57755
— WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting …
Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026