Aggregator

A vulnerability, which was classified as critical, was found in CoderPress Coinbase Commerce for Contact Form 7 Plugin up to 1.1.2 on WordPress. The impacted element is the function save_settings of the component POST Handler. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-6709. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in qqqjus Slek Gateway for WooCommerce Plugin up to 1.0 on WordPress. The affected element is the function wsb_handle_slek_payment_redirect of the component IPN Call Handler. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-7626. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in hemant29 Woo Commerce Minimum Weight Plugin up to 3.0.1 on WordPress. Impacted is an unknown function of the file edit-weight.php of the component Setting Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-6932. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in saturngod Zawgyi Embed Plugin up to 2.1.1 on WordPress. This issue affects the function zawgyi_adminpage of the file options-general.php?page=zawgyi_embed. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-7616. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in thewebsitesupply GWD Conex Plugin up to 2.9 on WordPress. This vulnerability affects the function update_agent of the file gwd-backup.php. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-6663. The attack may be performed from remote. There is no available exploit.

UK anti-fraud non-profit Cifas just published research that should bother anyone who runs a b

A vulnerability marked as problematic has been reported in jeremyshapiro Next Date Plugin up to 1.0 on WordPress. This affects an unknown part of the component Shortcode Handler. This manipulation of the argument default causes cross site scripting. This vulnerability is tracked as CVE-2026-4920. The attack is possible to be carried out remotely. No exploit exists.

New StorybyGooglebyGoogle@googleGoogle develops search, advertising, cloud, and AI technologies at

Currently trending CVE - Hype Score: 1 - In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via ...

Currently trending CVE - Hype Score: 1 - The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules") details the dma-fence safe access rules. The most common culprit is that ...

Currently trending CVE - Hype Score: 9 - In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Currently trending CVE - Hype Score: 1 - Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a ...

Currently trending CVE - Hype Score: 1 - Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. ...

Currently trending CVE - Hype Score: 15 - An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an ...

A vulnerability labeled as problematic has been found in softpulseinfotech SP Blog Designer Plugin up to 1.0.0 on WordPress. Affected by this issue is the function wpsbd_post_carousel of the component Shortcode Handler. The manipulation of the argument design results in cross site scripting. This vulnerability is identified as CVE-2026-4859. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in bjornjohansen BJ Lazy Load Plugin up to 1.0.9 on WordPress. Affected by this vulnerability is the function filter_images. The manipulation of the argument Class leads to cross site scripting. This vulnerability is referenced as CVE-2026-2300. Remote exploitation of the attack is possible. No exploit is available.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

BitLocker降级攻击PoC已公开|ClaudeChrome扩展会话劫持|PHP SOAP RCE CVSS9.5|Cline WebSocket劫持CVSS9.6|SAP双漏洞|共6条高危漏洞

A vulnerability categorized as problematic has been discovered in kcseopro WP SEO Structured Data Schema Plugin up to 2.8.1 on WordPress. Affected is an unknown function. Executing a manipulation of the argument _kcseo_ative_tab can lead to cross site scripting. The identification of this vulnerability is CVE-2026-3604. The attack may be launched remotely. There is no exploit available.