| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-58024 | WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability | UnboundStudio | Accordion FAQ | High | 7.5 | 2026-06-02 10:24:26 | Deep Dive |
| CVE-2025-53440 | WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability | Axiomthemes | Confidant | High | 8.1 | 2026-06-02 09:53:43 | Deep Dive |
| CVE-2025-53346 | WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability | ThimPress | Thim Core | Medium | 4.3 | 2026-06-02 09:52:09 | Deep Dive |
| CVE-2025-53345 | WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability | ThimPress | Thim Core | High | 8.8 | 2026-06-02 09:47:51 | Deep Dive |
| CVE-2025-53302 | WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability | Anton Shevchuk | Constructor | Medium | 5.3 | 2026-06-02 09:45:49 | Deep Dive |
| CVE-2025-53209 | WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability | Themeisle | Masteriyo LMS PRO | Critical | 9.8 | 2026-06-02 09:43:21 | Deep Dive |
| CVE-2025-52766 | WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability | Printeers | Printeers Print & Ship | Medium | 6.5 | 2026-06-02 09:41:47 | Deep Dive |
| CVE-2025-52759 | WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | UnboundStudio | Accordion FAQ | High | 7.1 | 2026-06-02 09:40:44 | Deep Dive |
| CVE-2026-46718 | Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution | Apache Software Foundation | Apache Calcite | - | - | 2026-06-02 09:17:51 | Deep Dive |
| CVE-2026-5422 | Path Traversal in jupyter/jupyter | jupyter | jupyter/jupyter | - | - | 2026-06-02 09:11:16 | Deep Dive |
| CVE-2026-41115 | Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API | Apache Software Foundation | Apache Kafka | - | - | 2026-06-02 08:56:44 | Deep Dive |
| CVE-2026-34907 | Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia | Simple SA | Wirtualna Uczelnia | - | - | 2026-06-02 08:31:10 | Deep Dive |
| CVE-2026-34906 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia | Simple SA | Wirtualna Uczelnia | - | - | 2026-06-02 08:31:03 | Deep Dive |
| CVE-2026-5191 | Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title' | raja3c | Tiled Gallery Carousel Without JetPack | Medium | 5.4 | 2026-06-02 08:28:35 | Deep Dive |
| CVE-2026-10549 | Privilege escalation in Yandex Database | Yandex | Yandex Database | - | - | 2026-06-02 08:27:06 | Deep Dive |
| CVE-2026-9722 | Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form | pcis | Laiser Tag | Medium | 4.3 | 2026-06-02 07:48:33 | Deep Dive |
| CVE-2026-1451 | rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter | federicocarrara | rognone | Medium | 6.1 | 2026-06-02 07:48:33 | Deep Dive |
| CVE-2026-8422 | Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update | mr_mat | Remove meta boxes per user role | Medium | 4.3 | 2026-06-02 07:48:33 | Deep Dive |
| CVE-2026-3620 | Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter | takien | Word Replacer | Medium | 4.4 | 2026-06-02 07:48:32 | Deep Dive |
| CVE-2026-9730 | Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update | jamesmuga | Remove NoFollow Commenter URL | Medium | 4.3 | 2026-06-02 07:48:32 | Deep Dive |