|
2591
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-11408
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2592
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _disp…
|
CWE-22
Path Traversal
|
CVE-2026-11411
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2593
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7795
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2594
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu…
|
CWE-862
Missing Authorization
|
CVE-2026-8502
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2595
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9280
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2596
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2597
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8839
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2598
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11412
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2599
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The at…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11435
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2600
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performi…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11436
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
