|
CVE-2026-40760
|
|
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-42380
|
|
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
|
Critical
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-40783
|
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
|
Critical
|
Remote Code Execution
Cwe 94
|
3 weeks ago
|
|
CVE-2026-40748
|
|
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-40749
|
|
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-40746
|
|
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-40747
|
|
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-42629
|
|
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-40731
|
|
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-41557
|
|
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40765
|
|
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42385
|
|
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39596
|
|
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
|
Critical
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-39548
|
|
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39597
|
|
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40723
|
|
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
|
Medium
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-40722
|
|
Vulnerability in CVE-2026-40722 (CVE-2026-40722)
vulnerability in CVE-2026-40722 (CVE-2026-40722). Risk of unauthorized operations or information disclosure.
|
Medium
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-39595
|
|
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
|
Medium
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-39545
|
|
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39539
|
|
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39567
|
|
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39578
|
|
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
|
Medium
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39554
|
|
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39573
|
|
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39529
|
|
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
|
Critical
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39557
|
|
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39577
|
|
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
|
Medium
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39580
|
|
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-39598
|
|
Unrestricted File Upload in CVE-2026-39598 (CVE-2026-39598)
vulnerability in CVE-2026-39598 (CVE-2026-39598). Successful exploitation can lead to full system takeover.
|
High
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-39589
|
|
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-39547
|
|
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-40721
|
|
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39549
|
|
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39582
|
|
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39537
|
|
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39558
|
|
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39568
|
|
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-27041
|
|
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-25446
|
|
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
|
Critical
|
Cwe 434
|
3 weeks ago
|
|
CVE-2026-2604
|
|
Vulnerability in path-traversal (CVE-2026-2604)
vulnerability in path-traversal (CVE-2026-2604). Data can be tampered with by attackers.
|
Medium
|
Path Traversal
Cwe 73
|
3 weeks ago
|
|
CVE-2026-25439
|
|
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-34895
|
|
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-34893
|
|
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39522
|
|
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-34894
|
|
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
|
High
|
Cwe 98
|
3 weeks ago
|
|
CVE-2026-39438
|
|
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
|
Critical
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-28576
|
|
SQL Injection in sqli (CVE-2026-28576)
SQL injection in sqli (CVE-2026-28576). Confidential information can be exposed externally.
|
Medium
|
SQL Injection
Cwe 89
Google
Android
|
3 weeks ago
|
|
CVE-2026-27870
|
|
Cross-Site Scripting (XSS) in CVE-2026-27870 (CVE-2026-27870)
cross-site scripting in CVE-2026-27870 (CVE-2026-27870). Risk of unauthorized operations or information disclosure.
|
|
PHP
JavaScript
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-32966
|
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.4.2` or later.
|
Critical
|
Apache
Cwe 863
Dolphinscheduler
|
3 weeks ago
|
|
CVE-2026-32967
|
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
Critical
|
Apache
Cwe 863
Dolphinscheduler
|
3 weeks ago
|