|
2901
|
7.5 |
HIGH
Network
|
-
|
-
|
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. Thi…
|
CWE-862
Missing Authorization
|
CVE-2026-10737
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection.
This issue affects Photo Gallery by 10W…
|
CWE-89
SQL Injection
|
CVE-2026-49771
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.
This issue affects WP eMember: from…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-49077
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
8.8 |
HIGH
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability all…
|
CWE-269
Improper Privilege Management
|
CVE-2026-46837
|
2026-06-4 22:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
7.4 |
HIGH
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability al…
|
CWE-284
Improper Access Control
|
CVE-2026-46818
|
2026-06-4 22:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
9.8 |
CRITICAL
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allo…
|
CWE-269
CWE-287
CWE-306
Improper Privilege Management
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-46817
|
2026-06-4 22:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
4.9 |
MEDIUM
Network
|
progress
|
sitefinity
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used co…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-7313
|
2026-06-4 22:12 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
7.5 |
HIGH
Network
|
progress
|
sitefinity
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.844…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-7312
|
2026-06-4 22:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
8.1 |
HIGH
Network
|
progress
|
sitefinity
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.…
|
CWE-20
Improper Input Validation
|
CVE-2026-7195
|
2026-06-4 21:51 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
9.8 |
CRITICAL
Network
|
progress
|
sitefinity
|
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in f…
|
CWE-284
Improper Access Control
|
CVE-2026-7198
|
2026-06-4 21:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
