CVE Security

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in appl...

Web


                                    CVE-2026-42506

Lire l'article

medium 6.1

29/05/2026

Vulnérabilité medium détectée - CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in appl...

Web


                                    CVE-2026-25681

Lire l'article

medium 4.8

29/05/2026

Vulnérabilité medium détectée - CVE-2026-8353

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that ...

Applications Web


                                    CVE-2026-8353

Lire l'article

medium 4.3

29/05/2026

Vulnérabilité medium détectée - CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publi...

Web


                                    CVE-2026-8340

Lire l'article

high 7.5

28/05/2026

Vulnérabilité high détectée - CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the ha...

Web


                                    CVE-2026-8679

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8684

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the...

Web


                                    CVE-2026-8684

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all...

Web


                                    CVE-2026-8692

Lire l'article

high 7.5

28/05/2026

Vulnérabilité high détectée - CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includ...

Web


                                    CVE-2026-9011

Lire l'article

unknown

28/05/2026

Vulnérabilité unknown détectée - CVE-2026-25606

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for S...

Web


                                    CVE-2026-25606

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7615

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missin...

Web


                                    CVE-2026-7615

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7636

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions...

Web


                                    CVE-2026-7636

Lire l'article

medium 5.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable t...

Web


                                    CVE-2026-7798

Lire l'article

3 4 5 6 7