|
511
|
7.8 |
HIGH
Local
|
-
|
-
|
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-44933
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
512
|
7.5 |
HIGH
Local
|
-
|
-
|
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24163
|
2026-05-20 22:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
513
|
6.6 |
MEDIUM
Network
|
-
|
-
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.
This issue affects Drupal core: from 8.0.0 before 10.5.9, …
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-6366
|
2026-05-20 22:56 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
514
|
6.4 |
MEDIUM
Local
|
-
|
-
|
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w…
|
CWE-77
Command Injection
|
CVE-2026-35070
|
2026-05-20 22:56 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
515
|
7.5 |
HIGH
Network
|
-
|
-
|
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. T…
|
CWE-89
SQL Injection
|
CVE-2026-3985
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
516
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect no…
|
CWE-352
Origin Validation Error
|
CVE-2026-6391
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
517
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigf…
|
CWE-352
Origin Validation Error
|
CVE-2026-6452
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
518
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing autho…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5293
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
519
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6072
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
520
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6394
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
