|
1171
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the…
New
|
CWE-312
CWE-313
Cleartext Storage of Sensitive Information
Cleartext Storage in a File or on Disk
|
CVE-2026-6796
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/comm…
New
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-6797
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component E…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-6799
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output es…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-1379
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-1845
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2714
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields bef…
New
|
CWE-93
CRLF Injection
|
CVE-2026-2717
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2719
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3362
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitiza…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4082
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
