Search
Search Results (358229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54420 | 2 Litespeed Technologies, Litespeedtech | 3 Cpanel Plugin, Litespeed Cpanel Plugin, Litespeed Whm Plugin | 2026-06-15 | 8.5 High |
| LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. | ||||
| CVE-2026-52703 | 2026-06-15 | 9.6 Critical | ||
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | ||||
| CVE-2026-52702 | 2026-06-15 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | ||||
| CVE-2026-52700 | 2026-06-15 | 8.5 High | ||
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | ||||
| CVE-2026-52699 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | ||||
| CVE-2026-52697 | 2026-06-15 | 8.5 High | ||
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | ||||
| CVE-2026-52695 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||||
| CVE-2026-52694 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||||
| CVE-2026-52693 | 2026-06-15 | 9.3 Critical | ||
| Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | ||||
| CVE-2026-52692 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||||
| CVE-2026-49781 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | ||||
| CVE-2026-49780 | 2026-06-15 | 8.8 High | ||
| Customer Privilege Escalation in Dokan <= 5.0.2 versions. | ||||
| CVE-2026-49776 | 2026-06-15 | 9.3 Critical | ||
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-49775 | 2026-06-15 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-49773 | 2026-06-15 | 6.5 Medium | ||
| Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | ||||
| CVE-2026-49770 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||||
| CVE-2026-49769 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | ||||
| CVE-2026-49768 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | ||||
| CVE-2026-49766 | 2026-06-15 | 9.9 Critical | ||
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49765 | 2026-06-15 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | ||||