๐จ CVE-2026-56044
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Blog2Social Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56045
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Automatic Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56057
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
๐@cveNotify
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
๐@cveNotify
Patchstack
PHP Object Injection in WordPress Uncanny Automator Pro Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56063
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
๐@cveNotify
Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress MailChimp Block Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56070
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
๐@cveNotify
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
๐@cveNotify
Patchstack
SQL Injection in WordPress Advance Product Search Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56072
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WoodMart Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57317
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Simply Schedule Appointments Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57323
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
๐@cveNotify
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Flash & HTML5 Video Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57324
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
๐@cveNotify
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress GIFT4U Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57618
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Neve PRO Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57632
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
๐@cveNotify
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Email Marketing for WooCommerce by Omnisend Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57645
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
๐@cveNotify
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Newsletters Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57651
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Ghost Kit Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57657
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Gmail SMTP Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57663
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
๐@cveNotify
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
๐@cveNotify
Patchstack
SQL Injection in WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2025-11919
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
GitHub
vulnerability-wolfram-cloud-14.2/disclosure.md at main ยท PeterRoberge/vulnerability-wolfram-cloud-14.2
Multi-Tenant Classpath Injection Vulnerability in Wolfram Cloud - PeterRoberge/vulnerability-wolfram-cloud-14.2