|
581
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads t…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7607
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
582
|
3.7 |
LOW
Network
|
-
|
-
|
A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7606
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
583
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escapi…
|
CWE-89
SQL Injection
|
CVE-2026-6457
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
584
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circ…
|
CWE-285
Improper Authorization
|
CVE-2026-6449
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
585
|
7.2 |
HIGH
Network
|
-
|
-
|
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6229
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
586
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the…
|
CWE-862
Missing Authorization
|
CVE-2026-4650
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
587
|
8.8 |
HIGH
Network
|
-
|
-
|
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via…
|
CWE-94
Code Injection
|
CVE-2026-2052
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
588
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7605
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
589
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix pass-by-value structs causing MSAN warnings
vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their…
|
-
|
CVE-2026-43058
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
590
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ctxfi: Fix missing SPDIFI1 index handling
SPDIF1 DAIO type isn't properly handled in daio_device_index() for
hw20k2, and it…
|
-
|
CVE-2026-31776
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
