|
811
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
tapo_c200_firmware
|
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent atta…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-12760
|
2026-06-30 01:17 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
8.5 |
HIGH
Network
|
-
|
-
|
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Update
|
CWE-89
SQL Injection
|
CVE-2026-57642
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-57629
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
7.1 |
HIGH
Network
|
-
|
-
|
Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.
Update
|
CWE-22
Path Traversal
|
CVE-2026-57321
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-57314
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
7.5 |
HIGH
Network
|
-
|
-
|
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any…
New
|
CWE-359 CWE-497
Exposure of Private Personal Information to an Unauthorized Actor Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-56124
|
2026-06-30 01:16 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
7.5 |
HIGH
Network
|
-
|
-
|
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
Update
|
CWE-862
Missing Authorization
|
CVE-2026-56061
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-56048
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-56041
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Update
|
CWE-89
SQL Injection
|
CVE-2026-56034
|
2026-06-30 01:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|