|
3671
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the comp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10274
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3672
|
5.0 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation …
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-10275
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3673
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GeoDirectory: from n/a through 2.8.157.
|
CWE-862
Missing Authorization
|
CVE-2026-42671
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3674
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Ki…
|
CWE-89
SQL Injection
|
CVE-2026-42672
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3675
|
7.5 |
HIGH
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensit…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42673
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3676
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding.
This issue affects Advanced Access Manager: from n/a through 7.1.0.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42674
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3677
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Hydra Booking: from n/a through 1.1.41.
|
CWE-862
Missing Authorization
|
CVE-2026-42675
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3678
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.
This issue affects myCred: from n/a through 3.0.4.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42676
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3679
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP Document Revisions: from n/a be…
|
CWE-862
Missing Authorization
|
CVE-2026-42677
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3680
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS.
This issue affects GiveWP: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42678
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
