 | CVE-2026-11452 | GL.iNet GL-MT3000 up to 4.4.5 SET_USER_PWD /cgi-bin/glc FUN_0042e200 Password command injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-11451 | GL.iNet GL-MT3000 4.4.5 FTP Protocol /cgi-bin/glc snprintf media_dir command injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-11449 | GL.iNet GL-MT3000 4.4.5 LuCI JSON-RPC Interface /cgi-bin/luci/rpc rpc_sys command injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-10725 | CRUX Protocol::HTTP/2 up to 1.12 on Perl headers_decode HTTP/2 Bomb data amplification | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9719 | LatePoint Plugin up to 5.6.0 on WordPress Appointment change_status cross-site request forgery | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8900 | spyrosvl Simple SEO Slideshow Plugin up to 1.2.8 on WordPress Shortcode cross site scripting (fdff-4525-9272) | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8893 | payaddons Express Payment for Stripe Plugin up to 1.28.0 on WordPress Shortcode register_shortcode Type cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8438 | davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress AIOS Dashboard get_rest_route REQUEST_URI cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9280 | spacetime Ad Inserter Plugin up to 2.8.15 on WordPress Iframe Mode cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8991 | glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin Setting cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7796 | wpdevteam EmbedPress Plugin up to 4.5.3 on WordPress cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-6242 | TP-Link Tapo C520WS v2 ONVIF Subscribe Service format string | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-6240 | TP-Link Tapo C520WS v2 ONVIF DeleteUsers Service stack-based overflow | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-6239 | TP-Link Tapo C520WS v2 ONVIF CreateUsers Service stack-based overflow | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7523 | alejo30 Alba Board Plugin up to 2.1.3 on WordPress authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8976 | ThemeIsle RSS Aggregator by Feedzy Plugin up to 5.1.7 on WordPress authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8901 | plugcrux Integration for Freshsales Plugin up to 1.0.15 on WordPress CRM API cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9016 | qriouslad Debug Log Manager Plugin up to 2.5.0 on WordPress AJAX log_js_errors pageUrl neutralization for logs | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9594 | flippercode WP Maps Plugin up to 4.9.4 on WordPress location_messages cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7047 | absikandar Frontend User Notes Plugin up to 2.1.1 on WordPress wp_update_post cross-site request forgery | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-34123 | TP-Link Tapo C520WS v2 Configuration improper authentication | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9197 | nextendweb Smart Slider 3 Plugin up to 3.5.1.36 on WordPress replaceHTMLImage path traversal | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9851 | masaakitanaka Booking Package Plugin up to 1.7.16 on WordPress AJAX Endpoint Schedule::updateUser administrator authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8611 | klamra22 Klamra Paycal for Aspaclaria Plugin up to 1.1.4 on WordPress invoice_id authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8978 | crafium OptinCraft Plugin up to 1.2.0 on WordPress order_by sql injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8502 | ThimPress LearnPress Plugin up to 4.3.6 on WordPress archive-course return_type authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8608 | awordpresslife Event Monster Plugin up to 2.1.0 on WordPress PayPal API capture_payment data authenticity | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-10038 | smub Charitable Plugin up to 1.8.11.1 on WordPress save_avatar authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2025-12656 | wpvividplugins WPvivid Plugin up to 0.9.128 on WordPress Path Validation delete_cancel_staging_site file inclusion | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9829 | 10web Photo Gallery Plugin up to 1.8.41 on WordPress AJAX page sql injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-8839 | chrisvrichardson MapPress Maps for WordPress Plugin up to 2.96.6 on WordPress REST API /wp-json/mapp/v1/maps rest_api_init authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-6448 | expresstech Quiz and Survey Master Plugin up to 11.1.2 on WordPress order sql injection | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9008 | webvitaly Page-list Plugin up to 6.2 on WordPress pagelist_unqprfx_ext_shortcode show_meta_key authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7537 | MDJM Event Management Plugin up to 1.7.8.3 on WordPress mdjm_send_comm_email unrestricted upload | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7624 | cifi SEO Plugin by Squirrly SEO up to 12.4.16 on WordPress Setting /gsc/revoke authorization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-45409 | kjd idna up to 3.14 Compatibility idna.encode redos (GHSA-65pc-fj4g-8rjx) | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9290 | wpusermanager WP User Manager Plugin up to 2.9.17 on WordPress User Profile path traversal | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-9281 | litonice13 Master Addons for Elementor Plugin up to 3.1.0 on WordPress POST admin-ajax.php jtlma_custom_js cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7795 | holithemes Click to Chat Plugin up to 4.39 on WordPress WA Widget CCW_Shortcode::shortcode num cross site scripting | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7566 | ThimPress LearnPress Plugin up to 4.1.4 on WordPress deserialization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-2500 | davidfcarr Quick Playground Plugin up to 1.3.4 on WordPress POST Parameter wp-config.php qckply_data filename path traversal | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-7654 | codepress Admin Columns Plugin up to 7.0.18 on WordPress unserialize deserialization | 2026-06-06 | True | vuldb.com | True | | |
| CVE-2026-11437 | perfree go-fastdfs-web up to 1.3.7 Installation Endpoint /install/checkServer server-side request forgery | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-11436 | Mage AI up to 0.9.79 Sign-in Flow index.tsx useMutation query.redirect_url cross site scripting | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-11435 | Jinher OA 1.0 nextselectplan.aspx httpOID sql injection | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-25624 | Arista Edge Threat Management up to 17.4.0 Web User Interface cross site scripting | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-11416 | jxxghp MoviePilot up to 2.13.3 Remote Cloud Storage API path traversal | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-11414 | Altium Enterprise Server up to 8.1.0 Vault Service hard-coded credentials | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-11424 | Altium Enterprise Server/365 up to 8.1.0 GraphQL Service server-side request forgery | 2026-06-05 | True | vuldb.com | True | | |
| CVE-2026-46389 | defenseunicorns uds-identity-config up to 0.26.0 Keycloak Token Endpoint improper authentication (GHSA-8mg2-6588-r4hw) | 2026-06-05 | True | vuldb.com | True | | |
