|
731
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54342
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-6322
|
2026-05-5 20:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-5 20:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up t…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3601
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
7.5 |
HIGH
Network
|
-
|
-
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due…
New
|
CWE-89
SQL Injection
|
CVE-2026-3359
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
- |
|
-
|
-
|
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plai…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-7824
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
- |
|
-
|
-
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
New
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
- |
|
-
|
-
|
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
New
|
CWE-20
CWE-367
Improper Input Validation
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-6180
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
7.5 |
HIGH
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path…
New
|
CWE-22
Path Traversal
|
CVE-2026-5192
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection.
This issue affects WebinarIgnition: …
New
|
CWE-89
SQL Injection
|
CVE-2026-40797
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
