NVD disclosure day

Published threat advisories for June 20, 2026

CVE advisory: CRITICAL

CVE-2026-56345

AVideo Meet Plugin Authorization Bypass Enables Session Hijacking

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in AVideo's Meet plugin that allows an attacker to bypass authorization. By obtaining a shared secret and uploading a specially crafted file, an attacker can hijack user sessions, including administrative ones, potentially leading to a full account takeover. This issue impacts system security and

CVE advisory: CRITICAL

CVE-2024-58351

Flowise Remote Code Execution via Insecure Configuration Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Flowise that allows an attacker to inject configuration during execution via the `overrideConfig` option. This can lead to remote code execution, denial of service, server-side request forgery, and data exfiltration through the frontend or backend API. The issue is self-targeted and d

CVE advisory: CRITICAL

CVE-2022-50972

WooCommerce Remote Code Execution Via Product Type Parameter

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in WooCommerce enables remote code execution by allowing attackers to inject shell commands through the product-type parameter. This could permit attackers to write malicious PHP files to the web root, potentially impacting service integrity and availability. The core concern is confirming rele

CVE advisory: CRITICAL

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder Authentication Bypass

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A WordPress plugin vulnerability allows attackers to bypass authentication and gain unauthorized access to user accounts via its social media login feature. This could lead to unauthorized control over websites and sensitive information, making it crucial to identify and remediate affected sites.

CVE advisory: CRITICAL

CVE-2026-48939

iCagenda Joomla Extension Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the iCagenda Joomla extension allows arbitrary file uploads, potentially leading to PHP code execution and server compromise. This affects websites using the extension for file attachments and could impact the availability and integrity of the site and its data if reachable.

CVE advisory: CRITICAL

CVE-2026-48908

SP Page Builder Arbitrary File Upload Leading to PHP Execution

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, potentially leading to PHP code execution. This could compromise public-facing Joomla websites by enabling attackers to execute code on the server.

CVE advisory: CRITICAL

CVE-2026-11551

Branda WordPress Plugin Account Takeover Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

The Branda plugin for WordPress has a critical vulnerability that allows unauthenticated attackers to take over any user account, including administrator accounts, by changing its password. The cause is improper identity validation. This could lead to unauthorized access to and control of WordPress sites.