| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10825 | | High | 0.46 | — | 0.00 | | Jun 16, 2026 | A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device… |
| CVE-2025-68045 | | High | 0.49 | 7.5 | 0.00 | | Jun 16, 2026 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. |
| CVE-2026-8444 | | High | 0.57 | 8.8 | 0.00 | | Jun 16, 2026 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type… |
| CVE-2026-8443 | | High | 0.57 | 8.8 | 0.00 | | Jun 16, 2026 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON… |
| CVE-2026-6933 | | High | 0.57 | 8.8 | 0.01 | | Jun 16, 2026 | The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data,… |
| CVE-2026-7273 | | High | 0.57 | 8.8 | 0.00 | | Jun 16, 2026 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. |
| CVE-2026-12161 | | High | 0.57 | 8.8 | 0.00 | | Jun 16, 2026 | Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials… |
| CVE-2026-53430 | | High | 0.50 | — | 0.00 | | Jun 15, 2026 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files… |
| CVE-2026-48854 | | High | 0.50 | — | 0.00 | | Jun 15, 2026 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_fu… |
| CVE-2026-48723 | | High | 0.44 | 7.8 | 0.01 | | Jun 15, 2026 | The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function… |
| CVE-2026-48599 | | High | 0.42 | — | 0.00 | | Jun 15, 2026 | Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In… |
| CVE-2026-5064 | — | High | 0.55 | — | 0.00 | | Jun 15, 2026 | Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities. |
| CVE-2026-48017 | | High | 0.50 | 8.8 | 0.01 | | Jun 15, 2026 | DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user… |
| CVE-2026-52702 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. |
| CVE-2026-52700 | | High | 0.55 | 8.5 | 0.00 | | Jun 15, 2026 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. |
| CVE-2026-52699 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. |
| CVE-2026-52697 | | High | 0.55 | 8.5 | 0.00 | | Jun 15, 2026 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| CVE-2026-52695 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. |
| CVE-2026-52694 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. |
| CVE-2026-52692 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. |
| CVE-2026-49780 | | High | 0.50 | 8.8 | 0.00 | | Jun 15, 2026 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. |
| CVE-2026-49112 | | High | 0.42 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. |
| CVE-2026-49110 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. |
| CVE-2026-49083 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| CVE-2026-49082 | | High | 0.48 | 7.4 | 0.00 | | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. |
| CVE-2026-49078 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. |
| CVE-2026-49070 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. |
| CVE-2026-49068 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| CVE-2026-49066 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. |
| CVE-2026-49065 | | High | 0.53 | 8.2 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. |
| CVE-2026-49063 | | High | 0.47 | 7.3 | 0.00 | | Jun 15, 2026 | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. |
| CVE-2026-49061 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions. |
| CVE-2026-49056 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. |
| CVE-2026-49055 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. |
| CVE-2026-48970 | | High | 0.53 | 8.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. |
| CVE-2026-48966 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. |
| CVE-2026-48964 | | High | 0.55 | 8.5 | 0.00 | | Jun 15, 2026 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
| CVE-2026-48889 | | High | 0.57 | 8.8 | 0.00 | | Jun 15, 2026 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. |
| CVE-2026-48885 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. |
| CVE-2026-48883 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. |
| CVE-2026-48882 | | High | 0.55 | 8.5 | 0.00 | | Jun 15, 2026 | Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. |
| CVE-2026-48876 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. |
| CVE-2026-48874 | | High | 0.55 | 8.5 | 0.00 | | Jun 15, 2026 | Subscriber SQL Injection in GamiPress <= 7.8.7 versions. |
| CVE-2026-48873 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions. |
| CVE-2026-48872 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions. |
| CVE-2026-48871 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. |
| CVE-2026-48868 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions. |
| CVE-2026-48867 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. |
| CVE-2026-48838 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. |
| CVE-2026-48835 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. |