|
151
|
9.6 |
CRITICAL
Network
|
github
|
enterprise_server
|
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5845
|
2026-04-29 21:30 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Regist…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42652
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from …
New
|
CWE-862
Missing Authorization
|
CVE-2026-42648
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n…
New
|
CWE-89
SQL Injection
|
CVE-2026-42646
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders al…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42645
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-42644
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42643
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5.
New
|
CWE-862
Missing Authorization
|
CVE-2026-42642
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through <= 2.14.
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42641
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
- |
|
-
|
-
|
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat…
New
|
CWE-22
CWE-494
Path Traversal
Download of Code Without Integrity Check
|
CVE-2026-42249
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
