VYPR

CVEs

38,009 total · page 5 of 761

  • CVE-2026-10825 · High · Jun 16, 2026
    risk 0.46 · cvss · epss 0.00

    A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device…

  • CVE-2025-68045 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Access Control in WP Event Solution <= 4.1.12 versions.

  • CVE-2026-8444 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type…

  • CVE-2026-8443 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON…

  • CVE-2026-6933 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data,…

  • CVE-2026-7273 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.

  • CVE-2026-12161 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials…

  • CVE-2026-53430 · High · Jun 15, 2026
    risk 0.50 · cvss · epss 0.00

    Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files…

  • CVE-2026-48854 · High · Jun 15, 2026
    risk 0.50 · cvss · epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_fu…

  • CVE-2026-48723 · High · Jun 15, 2026
    risk 0.44 · cvss 7.8 · epss 0.01

    The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function…

  • CVE-2026-48599 · High · Jun 15, 2026
    risk 0.42 · cvss · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In…

  • CVE-2026-5064 · High · Jun 15, 2026
    risk 0.55 · cvss · epss 0.00

    Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities.

  • CVE-2026-48017 · High · Jun 15, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    DbGate is a cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user…

  • CVE-2026-52702 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

  • CVE-2026-52700 · High · Jun 15, 2026
    risk 0.55 · cvss 8.5 · epss 0.00

    Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

  • CVE-2026-52699 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

  • CVE-2026-52697 · High · Jun 15, 2026
    risk 0.55 · cvss 8.5 · epss 0.00

    Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

  • CVE-2026-52695 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

  • CVE-2026-52694 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

  • CVE-2026-52692 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

  • CVE-2026-49780 · High · Jun 15, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Customer Privilege Escalation in Dokan <= 5.0.2 versions.

  • CVE-2026-49112 · High · Jun 15, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

  • CVE-2026-49110 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

  • CVE-2026-49083 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

  • CVE-2026-49082 · High · Jun 15, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.

  • CVE-2026-49078 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

  • CVE-2026-49070 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

  • CVE-2026-49068 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

  • CVE-2026-49066 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

  • CVE-2026-49065 · High · Jun 15, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

  • CVE-2026-49063 · High · Jun 15, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

  • CVE-2026-49061 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

  • CVE-2026-49056 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

  • CVE-2026-49055 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

  • CVE-2026-48970 · High · Jun 15, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

  • CVE-2026-48966 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

  • CVE-2026-48964 · High · Jun 15, 2026
    risk 0.55 · cvss 8.5 · epss 0.00

    Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

  • CVE-2026-48889 · High · Jun 15, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Subscriber Privilege Escalation in Amelia <= 2.3 versions.

  • CVE-2026-48885 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

  • CVE-2026-48883 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

  • CVE-2026-48882 · High · Jun 15, 2026
    risk 0.55 · cvss 8.5 · epss 0.00

    Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

  • CVE-2026-48876 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

  • CVE-2026-48874 · High · Jun 15, 2026
    risk 0.55 · cvss 8.5 · epss 0.00

    Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

  • CVE-2026-48873 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

  • CVE-2026-48872 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

  • CVE-2026-48871 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

  • CVE-2026-48868 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

  • CVE-2026-48867 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

  • CVE-2026-48838 · High · Jun 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

  • CVE-2026-48835 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.