Vulnerability List - Page 47

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-10057 | ITP Technology\|ITS Intelligent SCADA System - Stored Cross-Site Scripting | ITP Technology | ITS Intelligent SCADA System | Medium | 4.8 | 2026-05-29 08:34:34 | Deep Dive |
| CVE-2026-49198 | Predator Connect W6x: MQTT Broker Access Control | Acer | Predator Connect W6x | - | - | 2026-05-29 08:30:28 | Deep Dive |
| CVE-2026-9189 | Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification) | scottpaterson | Contact Form 7 – PayPal & Stripe Add-on | Medium | 5.3 | 2026-05-29 08:28:24 | Deep Dive |
| CVE-2026-49197 | Predator Connect W6x: Improper Authentication | Acer | Predator Connect W6x | - | - | 2026-05-29 08:24:06 | Deep Dive |
| CVE-2026-49196 | Predator Connect W6x: Web Interface Command Injection | Acer | Predator Connect W6x | - | - | 2026-05-29 08:15:50 | Deep Dive |
| CVE-2026-10056 | CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request | Network Optix | Nx Witness VMS | High | 7.5 | 2026-05-29 08:05:00 | Deep Dive |
| CVE-2026-49195 | Predator Connect W6x: unauthenticated Debug Service | Acer | Predator Connect W6x | - | - | 2026-05-29 08:02:49 | Deep Dive |
| CVE-2026-10052 | Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints | Red Hat | Red Hat Quay 3 | Medium | 4.1 | 2026-05-29 07:59:20 | Deep Dive |
| CVE-2026-10039 | Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter | shabti | Frontend Admin by DynamiApps | Medium | 4.9 | 2026-05-29 07:46:49 | Deep Dive |
| CVE-2026-6075 | Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form | dglingren | Media Library Assistant | High | 8.1 | 2026-05-29 07:46:48 | Deep Dive |
| CVE-2026-49322 | Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user PIN from observed exchange | Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | Medium | 4.3 | 2026-05-29 07:29:56 | Deep Dive |
| CVE-2026-4776 | Mautic security vulnerability | - | - | High | 7.1 | 2026-05-29 06:58:24 | Deep Dive |
| CVE-2025-11262 | Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting | linkwhspr | Link Whisper Free | High | 7.2 | 2026-05-29 06:43:43 | Deep Dive |
| CVE-2026-3655 | OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification | glboy | OTP Login With Phone Number, OTP Verification | Critical | 9.8 | 2026-05-29 06:43:42 | Deep Dive |
| CVE-2026-9243 | The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2026-05-29 06:43:41 | Deep Dive |
| CVE-2026-9493 | BankPro E-Service Technology\|Service Center - Insecure Direct Object Reference | BankPro E-Service Technology | Service Center | Medium | 6.5 | 2026-05-29 05:54:57 | Deep Dive |
| CVE-2026-9714 | Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | creaweb2b | Simple Divi Shortcode | Medium | 6.4 | 2026-05-29 05:32:38 | Deep Dive |
| CVE-2025-11993 | WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection | sbthemes | WooCommerce Infinite Scroll and Ajax Pagination | High | 8.8 | 2026-05-29 05:32:37 | Deep Dive |
| CVE-2025-14042 | Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Portfolio Project Details | themesuite | Automotive Car Dealership Business WordPress Theme | Medium | 6.4 | 2026-05-29 05:32:37 | Deep Dive |
| CVE-2026-8732 | WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action | flippercode | WP Maps Pro | Critical | 9.8 | 2026-05-29 05:32:36 | Deep Dive |