CVE-2026-15540 - SourceCodester Online Book Store System Administrative index.php php file inclusion
CVE ID :CVE-2026-15540
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-15540
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-15541 - will-moss Isaiah Master Websocket server.go Server.Handle authorization
CVE ID :CVE-2026-15541
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-15541
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-15542 - will-moss Isaiah Websocket Connection Authentication main.go improper authentication
CVE ID :CVE-2026-15542
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-15542
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-15543 - Tenda CH22 CertListInfo formCertListInfo buffer overflow
CVE ID :CVE-2026-15543
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-15543
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-15544 - Shibby Tomato apcupsd tomatodata.cgi getupsvar stack-based overflow
CVE ID :CVE-2026-15544
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-15544
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4769 - Unauthenticated Access to Internal Diagnostic Interface
CVE ID :CVE-2026-4769
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4769
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57829 - Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7
CVE ID :CVE-2026-57829
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-57829
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57830 - Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion < 2.2.7
CVE ID :CVE-2026-57830
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-57830
Published : July 13, 2026, 8:16 a.m. | 14 minutes ago
Description :The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-59515 - WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability
CVE ID :CVE-2026-59515
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-59515
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-59516 - WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability
CVE ID :CVE-2026-59516
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through <= 12.1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-59516
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through <= 12.1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-59518 - WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability
CVE ID :CVE-2026-59518
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-59518
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-59521 - WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability
CVE ID :CVE-2026-59521
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-59521
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-59523 - WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
CVE ID :CVE-2026-59523
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.11.11.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-59523
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.11.11.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61952 - WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability
CVE ID :CVE-2026-61952
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61952
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61955 - WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability
CVE ID :CVE-2026-61955
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through <= 3.0.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61955
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through <= 3.0.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61956 - WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID :CVE-2026-61956
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام – همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام – همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61956
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام – همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام – همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61958 - WordPress License Manager for WooCommerce plugin <= 3.0.17 - Arbitrary Content Deletion vulnerability
CVE ID :CVE-2026-61958
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.17.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61958
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.17.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61968 - WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability
CVE ID :CVE-2026-61968
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61968
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61970 - WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability
CVE ID :CVE-2026-61970
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61970
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61971 - WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability
CVE ID :CVE-2026-61971
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61971
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61975 - WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
CVE ID :CVE-2026-61975
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through <= 3.0.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-61975
Published : July 13, 2026, 10:16 a.m. | 2 hours, 14 minutes ago
Description :Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through <= 3.0.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...