CVE Security

medium 6.4

27/05/2026

Vulnérabilité medium détectée - CVE-2026-1543

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and includ...

Web

CVE-2026-1543

Lire l'article

critical 9.8

27/05/2026

Vulnérabilité critical détectée - CVE-2026-6279

The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions ...

Applications Web

CVE-2026-6279

Lire l'article

medium 4.3

27/05/2026

Vulnérabilité medium détectée - CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponso...

Web

CVE-2026-1881

Lire l'article

medium 5.4

27/05/2026

Vulnérabilité medium détectée - CVE-2026-39960

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a texta...

Applications Web

CVE-2026-39960

Lire l'article

critical 9.8

27/05/2026

Vulnérabilité critical détectée - CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This i...

Web

CVE-2026-9082

Lire l'article

high 7.4

27/05/2026

Vulnérabilité high détectée - CVE-2026-39850

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that lead...

Web

CVE-2026-39850

Lire l'article

medium 4.6

27/05/2026

Vulnérabilité medium détectée - CVE-2026-35014

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject...

Applications Web

CVE-2026-35014

Lire l'article

medium 4.6

27/05/2026

Vulnérabilité medium détectée - CVE-2026-35015

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inj...

Applications Web

CVE-2026-35015

Lire l'article

medium 4.6

27/05/2026

Vulnérabilité medium détectée - CVE-2026-35016

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject ar...

Applications Web

CVE-2026-35016

Lire l'article

high 8.6

27/05/2026

Vulnérabilité high détectée - CVE-2026-39310

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and pr...

Applications Web

CVE-2026-39310

Lire l'article

medium 6.8

27/05/2026

Vulnérabilité medium détectée - CVE-2026-39311

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior...

Applications Web

CVE-2026-39311

Lire l'article

medium 4.6

27/05/2026

Vulnérabilité medium détectée - CVE-2026-35012

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inje...

Applications Web

CVE-2026-35012

Lire l'article