A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (…
Remote
|
Memory Corruption
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-24547
— WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-68075
— WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
CVE-2025-68074
— WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.
Remote
|
Cross-Site Scripting
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-68064
— WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.
Remote
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-68063
— WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4…
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.
Remote
|
Path Traversal
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-68052
— WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabili…
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
Remote
|
Cross-Site Request Forgery
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-66123
— WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-64637
— WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Remote
|
Injection
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
CVE-2025-64636
— WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-63079
— WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerabi…
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-63078
— WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerabi…
Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2025-63041
— WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerab…
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly…
Remote
|
Server-Side Request Forgery
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
CVE-2026-57924
— JetBrains YouTrack: Role Configuration Information Disclosure
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
youtrack
|
Remote
|
Information Disclosure
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
youtrack
|
Remote
|
Information Disclosure
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
CVE-2026-57921
— JetBrains YouTrack: Improper Access Control in Comment Templates
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026