|
21
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook …
New
|
CWE-89
SQL Injection
|
CVE-2026-4061
|
2026-05-2 21:16 |
2026-05-2 |
|
22
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user …
New
|
CWE-89
SQL Injection
|
CVE-2026-4060
|
2026-05-2 21:16 |
2026-05-2 |
|
23
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. …
New
|
CWE-22
Path Traversal
|
CVE-2026-7627
|
2026-05-2 20:15 |
2026-05-2 |
|
24
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i…
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-7612
|
2026-05-2 19:16 |
2026-05-2 |
|
25
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7611
|
2026-05-2 19:16 |
2026-05-2 |
|
26
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi…
New
|
CWE-310 CWE-319
Cryptographic Issues Cleartext Transmission of Sensitive Information
|
CVE-2026-7610
|
2026-05-2 19:16 |
2026-05-2 |
|
27
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation cause…
New
|
CWE-77 CWE-78
Command Injection OS Command
|
CVE-2026-7609
|
2026-05-2 19:16 |
2026-05-2 |
|
28
|
8.1 |
HIGH
Network
|
-
|
-
|
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7491
|
2026-05-2 19:16 |
2026-05-2 |
|
29
|
7.2 |
HIGH
Network
|
-
|
-
|
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7490
|
2026-05-2 19:16 |
2026-05-2 |
|
30
|
8.8 |
HIGH
Network
|
-
|
-
|
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
New
|
CWE-89
SQL Injection
|
CVE-2026-7489
|
2026-05-2 19:16 |
2026-05-2 |