|
3281
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS.
This issue affects VikBooki…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42683
|
2026-06-2 01:41 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3282
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS.
This issue affects WP Statistics: from n/a throug…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48839
|
2026-06-2 01:41 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3283
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS.
This issue affects LearnPress: from n/a through 4.3.6.
|
CWE-79
Cross-site Scripting
|
CVE-2026-48865
|
2026-06-2 01:41 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3284
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal.
This issue affects Gravity Forms: from n/a thro…
|
CWE-22
Path Traversal
|
CVE-2026-48866
|
2026-06-2 01:41 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3285
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation.
This issue affects AIWU: from n/a through 1.4.17.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-48879
|
2026-06-2 01:41 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3286
|
- |
|
-
|
-
|
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.
In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-refere…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8796
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3287
|
- |
|
-
|
-
|
SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi…
|
CWE-862
Missing Authorization
|
CVE-2026-40543
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3288
|
- |
|
-
|
-
|
SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40544
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3289
|
- |
|
-
|
-
|
SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-40545
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3290
|
- |
|
-
|
-
|
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.…
|
CWE-89
SQL Injection
|
CVE-2026-40546
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
