|
531
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config…
Update
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7595
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py …
Update
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7596
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Perf…
Update
|
CWE-22
Path Traversal
|
CVE-2026-7599
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulati…
Update
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7600
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denia…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7601
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6378
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to in…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-7209
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation…
Update
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7602
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/…
Update
|
CWE-200
Information Exposure
|
CVE-2025-14726
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-4882
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
