5.3
CVE-2026-22745 - CVE-2026-22745 : Denial of service in static resource handling on Windows platforms
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is serving static resβ¦
0
CVE-2026-22741 - Static resource cache poisoning in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is configuring theΒ resource chβ¦
6.1
CVE-2026-2902 - WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting β¦
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Tβ¦
0
CVE-2026-22740 - Spring Framework DoS with Multipart Temp Files in WebFlux
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are aβ¦
5.4
CVE-2026-42641 - WordPress Share This Image plugin <= 2.14 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through <= 2.14.
4.3
CVE-2026-42645 - WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.11.0 - Cross Site Request Forgβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: fβ¦
4.3
CVE-2026-42648 - WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.
5.3
CVE-2026-42642 - WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5.
7.6
CVE-2026-42646 - WordPress TaxoPress plugin <= 3.44.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through <= 3.44.0.
5.9
CVE-2026-42643 - WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through <= 4.4.11.