CVE-2026-40760 - WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
CVE ID :CVE-2026-40760
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40760
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40761 - WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
CVE ID :CVE-2026-40761
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40761
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48869 - WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE ID :CVE-2026-48869
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48869
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49057 - WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability
CVE ID :CVE-2026-49057
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49057
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49080 - WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
CVE ID :CVE-2026-49080
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49080
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49113 - WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability
CVE ID :CVE-2026-49113
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49113
Published : June 16, 2026, 8:57 p.m. | 1 hour, 3 minutes ago
Description :Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11410 - OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N
CVE ID :CVE-2026-11410
Published : June 16, 2026, 9:03 p.m. | 57 minutes ago
Description :An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11410
Published : June 16, 2026, 9:03 p.m. | 57 minutes ago
Description :An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11409 - OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
CVE ID :CVE-2026-11409
Published : June 16, 2026, 9:03 p.m. | 56 minutes ago
Description :An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11409
Published : June 16, 2026, 9:03 p.m. | 56 minutes ago
Description :An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48055 - Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction
CVE ID :CVE-2026-48055
Published : June 16, 2026, 9:17 p.m. | 42 minutes ago
Description :Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48055
Published : June 16, 2026, 9:17 p.m. | 42 minutes ago
Description :Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49073 - WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability
CVE ID :CVE-2026-49073
Published : June 16, 2026, 9:23 p.m. | 37 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49073
Published : June 16, 2026, 9:23 p.m. | 37 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-39598 - WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability
CVE ID :CVE-2026-39598
Published : June 16, 2026, 9:24 p.m. | 36 minutes ago
Description :Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39598
Published : June 16, 2026, 9:24 p.m. | 36 minutes ago
Description :Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25470 - WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability
CVE ID :CVE-2026-25470
Published : June 16, 2026, 9:25 p.m. | 34 minutes ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25470
Published : June 16, 2026, 9:25 p.m. | 34 minutes ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48779 - ws: Memory exhaustion DoS from tiny fragments and data chunks
CVE ID :CVE-2026-48779
Published : June 16, 2026, 9:26 p.m. | 34 minutes ago
Description :ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48779
Published : June 16, 2026, 9:26 p.m. | 34 minutes ago
Description :ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48781 - Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery
CVE ID :CVE-2026-48781
Published : June 16, 2026, 9:31 p.m. | 29 minutes ago
Description :Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from the database. Any authenticated Postiz user could forge a SUPERADMIN session and impersonate arbitrary organizations. This allowed Full Access to the following: all parts of Postiz, including users registered to the specific instance and the ability to post in the name of the victim's social media channels added to that Postiz instance. This issue has been fixed in version 2.21.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48781
Published : June 16, 2026, 9:31 p.m. | 29 minutes ago
Description :Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from the database. Any authenticated Postiz user could forge a SUPERADMIN session and impersonate arbitrary organizations. This allowed Full Access to the following: all parts of Postiz, including users registered to the specific instance and the ability to post in the name of the victim's social media channels added to that Postiz instance. This issue has been fixed in version 2.21.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2604 - Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling
CVE ID :CVE-2026-2604
Published : June 16, 2026, 9:35 p.m. | 24 minutes ago
Description :A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-2604
Published : June 16, 2026, 9:35 p.m. | 24 minutes ago
Description :A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48783 - Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription
CVE ID :CVE-2026-48783
Published : June 16, 2026, 9:38 p.m. | 22 minutes ago
Description :Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The endpoint, /public/modify-subscription, could not change the persisted subscription tier, but it did execute enforcement-related side effects on the caller's own organization, including adjusting team-member enablement state, disabling integrations exceeding the asserted plan's limits, and resetting the scheduled-post cron when the asserted plan was the free tier. Impact is limited to the attacker's own organization and cannot be redirected at other tenants through this endpoint. This issue has been fixed in version 2.21.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48783
Published : June 16, 2026, 9:38 p.m. | 22 minutes ago
Description :Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The endpoint, /public/modify-subscription, could not change the persisted subscription tier, but it did execute enforcement-related side effects on the caller's own organization, including adjusting team-member enablement state, disabling integrations exceeding the asserted plan's limits, and resetting the scheduled-post cron when the asserted plan was the free tier. Impact is limited to the attacker's own organization and cannot be redirected at other tenants through this endpoint. This issue has been fixed in version 2.21.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-47277 - Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks
CVE ID :CVE-2026-47277
Published : June 16, 2026, 9:43 p.m. | 17 minutes ago
Description :Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47277
Published : June 16, 2026, 9:43 p.m. | 17 minutes ago
Description :Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12447 - Google Chrome heap buffer overflow
CVE ID :CVE-2026-12447
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12447
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12448 - Google Chrome Android WebView Privilege Escalation
CVE ID :CVE-2026-12448
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12448
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12449 - Google Chrome Chromoting Use-After-Free Privilege Escalation
CVE ID :CVE-2026-12449
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12449
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12450 - Google Chrome Media Information Disclosure
CVE ID :CVE-2026-12450
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12450
Published : June 17, 2026, 1:38 a.m. | 22 minutes ago
Description :Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...