|
2171
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through th…
|
CWE-89
SQL Injection
|
CVE-2019-25750
|
2026-06-23 03:37 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2172
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. …
|
CWE-89
SQL Injection
|
CVE-2019-25756
|
2026-06-23 03:37 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2173
|
7.5 |
HIGH
Network
|
-
|
-
|
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attacke…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2019-25762
|
2026-06-23 03:37 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2174
|
5.5 |
MEDIUM
Local
|
-
|
-
|
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit thi…
|
CWE-863
Incorrect Authorization
|
CVE-2026-56074
|
2026-06-23 03:36 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2175
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing t…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-56227
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2176
|
- |
|
-
|
-
|
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers ca…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-56276
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2177
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through dif…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2026-56319
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2178
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is …
|
CWE-601
Open Redirect
|
CVE-2026-56332
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2179
|
6.8 |
MEDIUM
Network
|
-
|
-
|
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, wh…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-56342
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2180
|
6.5 |
MEDIUM
Network
|
-
|
-
|
AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can sub…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-56346
|
2026-06-23 03:36 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
