|
151
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to p…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-2729
|
2026-05-5 16:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7823
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7822
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7812
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component…
New
|
CWE-22
Path Traversal
|
CVE-2026-7811
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4362
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. …
New
|
CWE-22
Path Traversal
|
CVE-2026-7810
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of …
New
|
CWE-22
Path Traversal
|
CVE-2026-5957
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5294
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5159
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
