6.5
CVE-2025-62110 - WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.
4.3
CVE-2025-62104 - WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.
6.5
CVE-2026-28040 - WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnera…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.0.
8.7
CVE-2026-6903 - Path Traversal Vulnerability in LabOne User Interface
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the Lab…
9.3
CVE-2026-6887 - BorG Technology Corporation|Borg SPM 2007 - SQL Injection
Borg SPM 2007 (Sales Ended in 2008)Â developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
9.3
CVE-2026-6886 - BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass
Borg SPM 2007 (Sales Ended in 2008)Â developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
9.3
CVE-2026-6885 - BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
5.9
CVE-2026-3960 - Remote Code Execution in h2oai/h2o-3
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific d…
7.1
CVE-2026-3259 - Sensitive Data Disclosure in BigQuery via Materialized View Error Messages
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error dur…
7.2
CVE-2026-5464 - ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactm…
The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding_key' transient to …