| 471 | 9.8 | CRITICAL Network | - | - | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c… | New | CWE-290 | Authentication Bypass by Spoofing | CVE-2021-47923 | 2026-05-10 22:16 | 2026-05-10 |
| 472 | 6.4 | MEDIUM Network | - | - | Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip… | New | CWE-79 | Cross-site Scripting | CVE-2021-47922 | 2026-05-10 22:16 | 2026-05-10 |
| 473 | 6.4 | MEDIUM Network | - | - | AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl… | New | CWE-79 | Cross-site Scripting | CVE-2021-47910 | 2026-05-10 22:16 | 2026-05-10 |
| 474 | 6.4 | MEDIUM Network | - | - | Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attac… | New | CWE-79 | Cross-site Scripting | CVE-2021-47907 | 2026-05-10 22:16 | 2026-05-10 |
| 475 | 6.5 | MEDIUM Local | - | - | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim … | New | CWE-88 | Argument Injection | CVE-2026-45181 | 2026-05-10 17:16 | 2026-05-10 |
| 476 | 8.8 | HIGH Network | - | - | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument se… | New | CWE-119, CWE-121 | Incorrect Access of Indexable Resource ('Range Error'); Stack-based Buffer Overflow | CVE-2026-8234 | 2026-05-10 16:16 | 2026-05-10 |
| 477 | 2.9 | LOW Local | - | - | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | New | CWE-407 | Inefficient Algorithmic Complexity | CVE-2026-45186 | 2026-05-10 16:16 | 2026-05-10 |
| 478 | 6.3 | MEDIUM Network | - | - | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… | New | CWE-74, CWE-89 | Injection; SQL Injection | CVE-2026-8231 | 2026-05-10 15:16 | 2026-05-10 |
| 479 | - | | - | - | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML docu… | New | CWE-404, CWE-835 | Improper Resource Shutdown or Release; Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-7263 | 2026-05-10 15:16 | 2026-05-10 |
| 480 | - | | - | - | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectl… | New | CWE-125 | Out-of-bounds Read | CVE-2026-6104 | 2026-05-10 15:16 | 2026-05-10 |