|
1141
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6486
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1142
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request P…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6488
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1143
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backg…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6489
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1144
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramet…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6490
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1145
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed o…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-6492
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1146
|
3.5 |
LOW
Network
|
-
|
-
|
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6493
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1147
|
7.5 |
HIGH
Network
|
-
|
-
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to t…
|
CWE-22
Path Traversal
|
CVE-2026-5710
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1148
|
8.1 |
HIGH
Network
|
-
|
-
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5718
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1149
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2434
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1150
|
7.5 |
HIGH
Network
|
-
|
-
|
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…
|
CWE-200
Information Exposure
|
CVE-2026-2262
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
