| 571 | 3.7 | LOW Network | - | - | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi… | CWE-310 CWE-319 Cryptographic Issues Cleartext Transmission of Sensitive Information | CVE-2026-7610 | 2026-05-2 19:16 | 2026-05-2 |
| 572 | 6.3 | MEDIUM Network | - | - | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation cause… | CWE-77 CWE-78 Command Injection OS Command | CVE-2026-7609 | 2026-05-2 19:16 | 2026-05-2 |
| 573 | 8.1 | HIGH Network | - | - | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-7491 | 2026-05-2 19:16 | 2026-05-2 |
| 574 | 7.2 | HIGH Network | - | - | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-7490 | 2026-05-2 19:16 | 2026-05-2 |
| 575 | 8.8 | HIGH Network | - | - | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | CWE-89 SQL Injection | CVE-2026-7489 | 2026-05-2 19:16 | 2026-05-2 |
| 576 | 5.4 | MEDIUM Network | - | - | The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title() insid… | CWE-79 Cross-site Scripting | CVE-2026-5077 | 2026-05-2 19:16 | 2026-05-2 |
| 577 | 5.5 | MEDIUM Adjacent | - | - | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public a… | CWE-77 CWE-78 Command Injection OS Command | CVE-2026-7608 | 2026-05-2 18:16 | 2026-05-2 |
| 578 | 7.2 | HIGH Network | - | - | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce v… | CWE-79 Cross-site Scripting | CVE-2026-5324 | 2026-05-2 18:16 | 2026-05-2 |
| 579 | 5.3 | MEDIUM Network | - | - | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio… | CWE-862 Missing Authorization | CVE-2026-4024 | 2026-05-2 18:16 | 2026-05-2 |
| 580 | 7.5 | HIGH Network | - | - | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al… | CWE-89 SQL Injection | CVE-2026-7649 | 2026-05-2 17:16 | 2026-05-2 |