|
401
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2019-25742
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
5.4 |
MEDIUM
Network
|
-
|
-
|
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2019-25739
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain…
New
|
CWE-74
Injection
|
CVE-2026-46546
|
2026-06-10 10:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
- |
|
-
|
-
|
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a sta…
New
|
CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-44634
|
2026-06-10 10:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
4.3 |
MEDIUM
Network
|
-
|
-
|
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53675
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
7.1 |
HIGH
Network
|
-
|
-
|
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat…
New
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-53674
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
8.1 |
HIGH
Network
|
-
|
-
|
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a us…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53673
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate…
New
|
CWE-287
Improper Authentication
|
CVE-2026-47838
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
