Latest Alerts

MEDIUM NVD Recent 2026-06-18

CVE-2026-11784

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation

MEDIUM NVD Recent 2026-06-18

CVE-2026-11402

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and ou

MEDIUM NVD Recent 2026-06-18

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_direction' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of s

MEDIUM NVD Recent 2026-06-18

CVE-2026-11358

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitizat

MEDIUM NVD Recent 2026-06-18

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attac

MEDIUM NVD Recent 2026-06-18

CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated at

MEDIUM NVD Recent 2026-06-17

CVE-2026-9271

Vulnerability Title

LOW NVD Recent 2026-06-17

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil

CRITICAL NVD Recent 2026-06-17

CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.

MEDIUM NVD Recent 2026-06-17

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malform

MEDIUM NVD Recent 2026-06-17

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

MEDIUM NVD Recent 2026-06-17

CVE-2026-12060

Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the H

HIGH NVD Recent 2026-06-17

CVE-2026-12059

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized sc

MEDIUM NVD Recent 2026-06-17

CVE-2026-11847

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.

HIGH NVD Recent 2026-06-17

CVE-2026-11846

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in

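All resources, vulnerability alerts, tools, and featured content on this site are intended solely for enterprise-authorized self-testing, compliance research, and security operations. This site does not provide programs, payloads, or entry points to underground-market platforms that could be used directly for illegal attacks.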