|
341
|
6.4 |
MEDIUM
Network
|
-
|
-
|
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers…
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25739
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requ…
New
|
CWE-22
Path Traversal
|
CVE-2019-25740
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-25741
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea…
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25742
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel…
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25743
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title …
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25744
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through th…
New
|
CWE-89
SQL Injection
|
CVE-2019-25745
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrat…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10704
|
2026-06-4 23:58 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10607
|
2026-06-4 23:56 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10608
|
2026-06-4 23:56 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
