Total 363239 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-40791 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-40794 2 Mycred, Wordpress 2 Mycred, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-42386 2 Tychesoftwares, Wordpress 2 Order Delivery Date For Woocommerce, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVE-2026-42639 2 Dev4press, Wordpress 2 Gd Rating System, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42667 2 Bookly, Wordpress 2 Bookly, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
CVE-2026-42688 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42775 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-34892 2 Rank Math Seo, Wordpress 2 Rank Math Seo, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2026-39463 2 Managewp, Wordpress 2 Managewp Worker, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
CVE-2026-39474 2 Metaphorcreations, Wordpress 2 Post Duplicator, Wordpress 2026-06-16 8.8 High
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
CVE-2026-12202 1 Intelliants 1 Subrion Cms 2026-06-16 2.4 Low
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-39512 2 Paolo, Wordpress 2 Geodirectory, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
CVE-2026-49105 2 Crmperks, Wordpress 2 Wp Zendesk For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress 2026-06-16 9.8 Critical
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-52693 2 Implecode, Wordpress 2 Ecommerce Product Catalog, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVE-2026-44168 2 Mariadb, Redhat 2 Server, Hummingbird 2026-06-16 8 High
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE-2025-31200 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-06-16 9.8 Critical
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
CVE-2025-24132 1 Apple 3 Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug-in 2026-06-16 6.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.
CVE-2026-40767 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
CVE-2026-48965 2 Watchful, Wordpress 2 Xcloner, Wordpress 2026-06-16 6.5 Medium
Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.