|
3021
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection.
This issue affects Duplicate Pa…
|
CWE-89
SQL Injection
|
CVE-2026-49046
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3022
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Adminimize: from n/a through 1.11.11.
|
CWE-862
Missing Authorization
|
CVE-2026-49045
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3023
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS.
This issue affects Ad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-49044
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3024
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SVG Support: from n/a through 2.5.14.
|
CWE-862
Missing Authorization
|
CVE-2026-48973
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3025
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47119
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3026
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, whi…
|
CWE-22
Path Traversal
|
CVE-2026-47118
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3027
|
9.8 |
CRITICAL
Network
|
-
|
-
|
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invo…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44668
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3028
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety sca…
|
CWE-78
OS Command
|
CVE-2026-44444
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3029
|
- |
|
-
|
-
|
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php
|
-
|
CVE-2026-37711
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3030
|
- |
|
-
|
-
|
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).
|
-
|
CVE-2026-31266
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
