|
741
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3454
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to p…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-2729
|
2026-05-5 16:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7823
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7822
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7812
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component…
New
|
CWE-22
Path Traversal
|
CVE-2026-7811
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4362
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. …
New
|
CWE-22
Path Traversal
|
CVE-2026-7810
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of …
New
|
CWE-22
Path Traversal
|
CVE-2026-5957
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5294
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
