|
1971
|
- |
|
-
|
-
|
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Page/Article.Php.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34094
|
2026-05-12 23:45 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
- |
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo.
This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php.
…
|
CWE-200
Information Exposure
|
CVE-2026-5266
|
2026-05-12 23:45 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
7.5 |
HIGH
Network
|
yardoc
|
yard
|
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP …
|
CWE-22
Path Traversal
|
CVE-2026-41493
|
2026-05-12 23:38 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
7.4 |
HIGH
Network
|
go-git_project
|
go-git
|
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smar…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-41506
|
2026-05-12 23:33 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
9.8 |
CRITICAL
Network
|
mauriciopoppe
|
math-codegen
|
math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. Th…
|
CWE-94
Code Injection
|
CVE-2026-41507
|
2026-05-12 23:26 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attac…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47907
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
6.4 |
MEDIUM
Network
|
-
|
-
|
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47910
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47922
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2021-47923
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47924
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
