|
141
|
- |
|
-
|
-
|
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixe…
New
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-43869
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
- |
|
-
|
-
|
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issu…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-43868
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up t…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3601
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
7.5 |
HIGH
Network
|
-
|
-
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due…
New
|
CWE-89
SQL Injection
|
CVE-2026-3359
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
- |
|
-
|
-
|
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plai…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-7824
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
- |
|
-
|
-
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
New
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
- |
|
-
|
-
|
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
New
|
CWE-20
CWE-367
Improper Input Validation
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-6180
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
7.5 |
HIGH
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path…
New
|
CWE-22
Path Traversal
|
CVE-2026-5192
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection.
This issue affects WebinarIgnition: …
New
|
CWE-89
SQL Injection
|
CVE-2026-40797
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3454
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
