|
2861
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the pl…
|
CWE-862
Missing Authorization
|
CVE-2026-6937
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.…
|
CWE-89
SQL Injection
|
CVE-2026-7048
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability …
|
CWE-862
Missing Authorization
|
CVE-2026-8689
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is…
|
CWE-862
Missing Authorization
|
CVE-2026-9015
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
7.0 |
HIGH
Local
|
-
|
-
|
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
|
CWE-78
OS Command
|
CVE-2026-44604
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …
|
CWE-59
Link Following
|
CVE-2026-9804
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro.
This issue affects Apache Shiro from 2.0-alpha…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44598
|
2026-05-28 22:44 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44708
|
2026-05-28 22:44 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
selinux: use sk blob accessor in socket permission helpers
SELinux socket state lives in the composite LSM socket blob.
sock_has…
|
-
|
CVE-2026-46104
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()
Sashiko points out there are two bugs here in the error u…
|
-
|
CVE-2026-46126
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
