CVE-2026-48713
— i18next-fs-backend: Prototype pollution via crafted missing-key string
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler expos…
Remote
|
Misconfiguration
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to…
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48017
— DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScri…
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-12087
— Socket versions before 2.041 for Perl have an out-of-bounds heap read
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests th…
|
Memory Corruption
Jun 15, 2026
Jun 16, 2026
Jun 15, 2026
Jun 16, 2026
CVE-2026-11832
— Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
|
Cryptography
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-9691
— WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Fo…
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52703
— WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52702
— WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52700
— WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52699
— WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerabi…
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52697
— WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52695
— WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52694
— WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulner…
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52693
— WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-52692
— WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49781
— WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49780
— WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49776
— WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translat…
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49775
— WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49773
— WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vu…
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
