|
2901
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and includ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5411
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and includ…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-5415
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename …
|
CWE-78
OS Command
|
CVE-2026-49492
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A…
|
CWE-94
Code Injection
|
CVE-2026-49493
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - th…
|
CWE-95
Eval Injection
|
CVE-2026-50733
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
4.3 |
MEDIUM
Network
|
strawberry
|
strawberry_graphql
|
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U…
|
CWE-200
CWE-201
Information Exposure
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-45739
|
2026-06-6 03:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
4.3 |
MEDIUM
Network
|
synology
|
hyper_backup
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated use…
|
CWE-22
Path Traversal
|
CVE-2024-47273
|
2026-06-6 03:32 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
4.1 |
MEDIUM
Network
|
synology
|
hyper_backup
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti…
|
CWE-22
Path Traversal
|
CVE-2024-47263
|
2026-06-6 03:31 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
5.9 |
MEDIUM
Network
|
synology
|
note_station_client
|
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2023-52951
|
2026-06-6 03:20 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
7.8 |
HIGH
Local
|
synology
|
hyper_backup_explorer
|
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2022-49042
|
2026-06-6 03:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
