|
961
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7119
|
2026-05-1 03:22 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att…
|
CWE-843
Type Confusion
|
CVE-2026-6732
|
2026-05-1 03:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component
|
CWE-79
Cross-site Scripting
|
CVE-2026-38940
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component
|
CWE-79
Cross-site Scripting
|
CVE-2026-38939
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.
|
CWE-22
Path Traversal
|
CVE-2026-36767
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
- |
|
-
|
-
|
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting …
|
-
|
CVE-2026-36766
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
5.0 |
MEDIUM
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-36764
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36763
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36761
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
9.6 |
CRITICAL
Network
|
-
|
-
|
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files w…
|
CWE-22
Path Traversal
|
CVE-2026-36760
|
2026-05-1 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
