CVE-2026-27089 — WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
Remote | Authentication
Jun 15, 2026
CVE-2026-27053 — WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
Remote | Injection
Jun 15, 2026
CVE-2026-25440 — WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerabi…
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
Jun 15, 2026
CVE-2026-25425 — WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
Remote | Authorization
Jun 15, 2026
CVE-2026-24637 — WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Remote | Injection
Jun 15, 2026
CVE-2026-23970 — WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vul…
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Remote | Cross-Site Scripting
Jun 15, 2026
CVE-2025-69332 — WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
Remote | Authorization
Jun 15, 2026
CVE-2025-68872 — WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected C…
Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
Remote | Cross-Site Scripting
Jun 15, 2026
CVE-2025-68851 — WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Remote | Cross-Site Scripting
Jun 15, 2026
CVE-2025-68840 — WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerab…
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Remote | Cross-Site Scripting
Jun 15, 2026
CVE-2025-68049 — WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Remote | Authorization
Jun 15, 2026
CVE-2025-60175 — WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Remote | Server-Side Request Forgery
Jun 15, 2026
CVE-2025-59133 — WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulne…
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
Remote | Authorization
Jun 15, 2026
CVE-2026-12087 — Socket versions before 2.041 for Perl have an out-of-bounds heap read
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests th…
Memory Corruption
Jun 15, 2026
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to…
Cross-Site Scripting
Jun 15, 2026
CVE-2026-48017 — DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is a cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScri…
Injection
Jun 15, 2026
CVE-2026-48714 — i18next-http-middleware missingKeyHandler does not reject keys whose segments contain pro…
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request…
Injection
Jun 15, 2026
CVE-2026-48713 — i18next-fs-backend: Prototype pollution via crafted missing-key string
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler expos…
Misconfiguration
Jun 15, 2026
CVE-2026-53705 — Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer o…
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * ch…
Jun 15, 2026
CVE-2026-53704 — Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo…
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variab…
Jun 15, 2026