|
1041
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa…
Update
|
CWE-22
Path Traversal
|
CVE-2026-6487
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms…
Update
|
CWE-89
SQL Injection
|
CVE-2026-4817
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1043
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input san…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5231
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-4666
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, an…
Update
|
CWE-89
SQL Injection
|
CVE-2026-3330
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insuffi…
Update
|
CWE-22
Path Traversal
|
CVE-2026-4853
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such…
Update
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-6491
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argum…
Update
|
CWE-22
Path Traversal
|
CVE-2026-6496
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::creat…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5234
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio_rest_pre_insert_import_assets()…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-5427
|
2026-04-23 05:22 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
