|
1071
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request P…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6488
|
2026-04-17 22:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa…
|
CWE-22
Path Traversal
|
CVE-2026-6487
|
2026-04-17 22:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6486
|
2026-04-17 22:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-35618
|
2026-04-17 21:20 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
7.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. A…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-35622
|
2026-04-17 21:19 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms …
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-35624
|
2026-04-17 21:18 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6483
|
2026-04-17 20:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videoze…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6439
|
2026-04-17 18:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX de…
|
CWE-352
Origin Validation Error
|
CVE-2026-6451
|
2026-04-17 17:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdo…
|
CWE-506
Embedded Malicious Code
|
CVE-2026-6443
|
2026-04-17 16:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
