|
11
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6561
|
2026-04-19 17:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param l…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6560
|
2026-04-19 16:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scriptin…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6559
|
2026-04-19 15:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-0868
|
2026-04-19 13:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-6056
|
2026-04-19 08:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
8.1 |
HIGH
Network
|
-
|
-
|
sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.
New
|
CWE-78
OS Command
|
CVE-2026-41113
|
2026-04-19 06:16 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
- |
|
-
|
-
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which …
New
|
CWE-94
Code Injection
|
CVE-2026-41242
|
2026-04-19 02:16 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
- |
|
-
|
-
|
The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An at…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-40948
|
2026-04-18 23:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input s…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2986
|
2026-04-18 21:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode ren…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2505
|
2026-04-18 19:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
