|
521
|
- |
|
-
|
-
|
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'.
The roo…
|
CWE-89
SQL Injection
|
CVE-2026-9059
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
522
|
- |
|
-
|
-
|
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/i…
|
CWE-89
SQL Injection
|
CVE-2026-9065
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
523
|
7.8 |
HIGH
Local
|
-
|
-
|
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-44933
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
524
|
7.5 |
HIGH
Local
|
-
|
-
|
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24163
|
2026-05-20 22:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
525
|
6.6 |
MEDIUM
Network
|
-
|
-
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.
This issue affects Drupal core: from 8.0.0 before 10.5.9, …
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-6366
|
2026-05-20 22:56 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
526
|
6.4 |
MEDIUM
Local
|
-
|
-
|
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w…
|
CWE-77
Command Injection
|
CVE-2026-35070
|
2026-05-20 22:56 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
527
|
7.5 |
HIGH
Network
|
-
|
-
|
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. T…
|
CWE-89
SQL Injection
|
CVE-2026-3985
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
528
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect no…
|
CWE-352
Origin Validation Error
|
CVE-2026-6391
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
529
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigf…
|
CWE-352
Origin Validation Error
|
CVE-2026-6452
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
530
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing autho…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5293
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
