|
2031
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MyCryptoCheckout: from n/a throug…
|
CWE-862
Missing Authorization
|
CVE-2026-45209
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2032
|
8.8 |
HIGH
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation.
This issue affects Smart Manager: from n/a through 8.85.0.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-45216
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2033
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation.
This issue affects Stripe Payment Ga…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-45217
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2034
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS.
This issue affects WP Activity Log: from n/a thr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45435
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2035
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Smart Coupons for WooCommer…
|
CWE-862
Missing Authorization
|
CVE-2026-45438
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2036
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection.
This issue affects Unlimited Elemen…
|
CWE-89
SQL Injection
|
CVE-2026-48837
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2037
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9411
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2038
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9412
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2039
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg lea…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9413
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2040
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9414
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
