High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 10Web–Photo Gallery by 10Web | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. | 2026-06-04 | 7.6 | CVE-2026-49771 |
| AAM Plugin–Advanced Access Manager | Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0. | 2026-06-01 | 7.5 | CVE-2026-42674 |
| ABB–T-MAC Plus | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 2026-06-03 | 9.9 | CVE-2025-14771 |
| ABB–T-MAC Plus | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 2026-06-03 | 8.8 | CVE-2025-14772 |
| ABB–T-MAC Plus | Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 2026-06-03 | 8 | CVE-2025-14773 |
| ABB–T-MAC Plus | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 2026-06-03 | 7.4 | CVE-2025-14774 |
| ad-manager-wd–Ad Manager WD | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server. | 2026-06-04 | 9.8 | CVE-2019-25727 |
| Ahmad–WP Job Portal | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | 2026-06-02 | 9.3 | CVE-2026-42684 |
| Ahmad–WP Job Portal | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | 2026-06-02 | 7.1 | CVE-2026-42685 |
| Akmer Informatics Automation Industry and Trade Ltd. Co.–TeknoPass | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429. | 2026-06-04 | 9.8 | CVE-2026-4104 |
| alfio-event–alf.io | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The extensi […] |