|
461
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for una…
New
|
CWE-200
Information Exposure
|
CVE-2026-6728
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS.
This issue affects Visualizer: from n/a before 4.0.0.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24573
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WpBookingly: from n/a through 1.2.9.
New
|
CWE-862
Missing Authorization
|
CVE-2026-27405
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Image Photo Gallery F…
New
|
CWE-862
Missing Authorization
|
CVE-2026-27424
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection.
This issue affects YITH WooCom…
New
|
CWE-89
SQL Injection
|
CVE-2026-42383
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affect…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45443
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
8.1 |
HIGH
Network
|
-
|
-
|
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica…
New
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-47107
|
2026-05-20 22:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
7.3 |
HIGH
Network
|
-
|
-
|
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation…
Update
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-26462
|
2026-05-20 22:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
- |
|
-
|
-
|
A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks.
Update
|
CWE-94
Code Injection
|
CVE-2026-6902
|
2026-05-20 16:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
- |
|
-
|
-
|
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start…
Update
|
CWE-284
CWE-427
CWE-829
Improper Access Control
Uncontrolled Search Path Element
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-7373
|
2026-05-20 08:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
