| 1381 | - | - | - | This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by se… New | CWE-22 Path Traversal | CVE-2026-9506 | 2026-06-9 00:01 | 2026-06-8 |
| 1382 | - | - | - | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul… Update | CWE-22 Path Traversal; CWE-269 Improper Privilege Management | CVE-2026-11423 | 2026-06-9 00:00 | 2026-06-6 |
| 1383 | - | - | - | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t… Update | CWE-200 Information Exposure; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-11424 | 2026-06-9 00:00 | 2026-06-6 |
| 1384 | - | - | - | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas… Update | CWE-22 Path Traversal; CWE-200 Information Exposure | CVE-2026-11431 | 2026-06-9 00:00 | 2026-06-6 |
| 1385 | 8.1 HIGH Network | termix | termix | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix pr… | CWE-308 Use of Single-factor Authentication | CVE-2026-45749 | 2026-06-8 23:59 | 2026-06-6 |
| 1386 | 6.4 MEDIUM Network | - | - | WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers… | CWE-79 Cross-site Scripting | CVE-2021-47982 | 2026-06-8 23:59 | 2026-06-8 |
| 1387 | 6.4 MEDIUM Network | - | - | WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[… | CWE-79 Cross-site Scripting | CVE-2021-47983 | 2026-06-8 23:59 | 2026-06-8 |
| 1388 | 6.4 MEDIUM Network | - | - | WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldn… | CWE-79 Cross-site Scripting | CVE-2021-47984 | 2026-06-8 23:59 | 2026-06-8 |
| 1389 | 6.2 MEDIUM Local | - | - | WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path param… | CWE-22 Path Traversal | CVE-2022-50953 | 2026-06-8 23:59 | 2026-06-8 |
| 1390 | 7.5 HIGH Network | - | - | WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers … | CWE-306 Missing Authentication for Critical Function | CVE-2023-54350 | 2026-06-8 23:59 | 2026-06-8 |