|
4271
|
9.8 |
CRITICAL
Network
|
-
|
-
|
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary…
|
CWE-862
Missing Authorization
|
CVE-2026-39910
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4272
|
9.4 |
CRITICAL
Network
|
-
|
-
|
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen…
|
CWE-22
Path Traversal
|
CVE-2026-41448
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4273
|
- |
|
-
|
-
|
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe…
|
CWE-78
OS Command
|
CVE-2026-8913
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4274
|
7.5 |
HIGH
Network
|
-
|
-
|
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio…
|
CWE-78
OS Command
|
CVE-2026-40519
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4275
|
7.1 |
HIGH
Network
|
-
|
-
|
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-49141
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4276
|
3.5 |
LOW
Network
|
-
|
-
|
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrato…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8981
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4277
|
- |
|
-
|
-
|
SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a…
|
CWE-89
SQL Injection
|
CVE-2026-10731
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4278
|
8.2 |
HIGH
Network
|
-
|
-
|
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST pa…
|
CWE-89
SQL Injection
|
CVE-2016-20062
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4279
|
7.1 |
HIGH
Network
|
-
|
-
|
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attac…
|
CWE-89
SQL Injection
|
CVE-2016-20063
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4280
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacke…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20064
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
