CVE-2026-39546
— WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39545
— WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39539
— WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39537
— WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39529
— WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39522
— WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39446
— WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39443
— WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39438
— WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39433
— WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34895
— WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34894
— WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34893
— WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34888
— WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32967
— Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to versi…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32966
— Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Da…
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recomme…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-2604
— Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent ur…
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory t…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-28615
— Telecomm Local Privilege Escalation via Permissions Bypass
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges neede…
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no addition…
android
|
Remote
|
Information Disclosure
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. Use…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026