| 1091 | 6.5 | MEDIUM | Network | - | - | The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes… | CWE-862 Missing Authorization | CVE-2026-4666 | 2026-04-17 13:16 | 2026-04-17 |
| 1092 | 7.2 | HIGH | Network | - | - | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input san… | CWE-79 Cross-site Scripting | CVE-2026-5231 | 2026-04-17 11:16 | 2026-04-17 |
| 1093 | 6.4 | MEDIUM | Network | - | - | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … | CWE-79 Cross-site Scripting | CVE-2026-5162 | 2026-04-17 11:16 | 2026-04-17 |
| 1094 | 6.5 | MEDIUM | Network | - | - | The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms… | CWE-89 SQL Injection | CVE-2026-4817 | 2026-04-17 11:16 | 2026-04-17 |
| 1095 | 6.5 | MEDIUM | Network | - | - | The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers includi… | CWE-862 Missing Authorization | CVE-2026-3488 | 2026-04-17 11:16 | 2026-04-17 |
| 1096 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … | CWE-787 Out-of-bounds Write | CVE-2026-27291 | 2026-04-17 06:23 | 2026-04-15 |
| 1097 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… | CWE-122 Heap-based Buffer Overflow | CVE-2026-34628 | 2026-04-17 06:22 | 2026-04-15 |
| 1098 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… | CWE-122 Heap-based Buffer Overflow | CVE-2026-34629 | 2026-04-17 06:21 | 2026-04-15 |
| 1099 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… | CWE-122 Heap-based Buffer Overflow | CVE-2026-34627 | 2026-04-17 06:12 | 2026-04-15 |
| 1100 | 8.2 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre… | CWE-696 Incorrect Behavior Order | CVE-2026-35627 | 2026-04-17 05:52 | 2026-04-10 |