6.3
CVE-2026-5302 - Permissive Cross-domain Policy with Untrusted Domains in coolercontrold
CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites
5.9
CVE-2026-5300 - Missing Authentication for Critical Function in coolercontrold
Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests
7.6
CVE-2026-5301 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrβ¦
Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries
8.2
CVE-2026-5208 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in cooleβ¦
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
3.3
CVE-2026-28264 -
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
7.5
CVE-2026-3396 - WCAPF β WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection
WCAPF β WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes iβ¦
6.5
CVE-2026-1672 - BEAR β Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Croβ¦
The BEAR β Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function. This makes it possβ¦
6.4
CVE-2026-2481 - Beaver Builder Page Builder β Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Sβ¦
The Beaver Builder Page Builder β Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenβ¦
8.8
CVE-2026-3243 - Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Trβ¦
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, toβ¦
4.3
CVE-2026-1673 - BEAR β Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Croβ¦
The BEAR β Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function. This makes it possiβ¦