|
441
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input …
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50945
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
8.8 |
HIGH
Network
|
-
|
-
|
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up…
New
|
CWE-94
Code Injection
|
CVE-2022-50944
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50943
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
4.3 |
MEDIUM
Network
|
-
|
-
|
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick a…
New
|
CWE-352
Origin Validation Error
|
CVE-2021-47953
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access C…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47951
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47950
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
8.8 |
HIGH
Network
|
-
|
-
|
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager con…
New
|
CWE-59
Link Following
|
CVE-2021-47949
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers…
New
|
CWE-80
Basic XSS
|
CVE-2021-47948
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47947
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visitin…
New
|
CWE-352
Origin Validation Error
|
CVE-2021-47946
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
