|
731
|
5.4 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_hcm_shared_components
|
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerabi…
New
|
CWE-284
Improper Access Control
|
CVE-2026-22019
|
2026-04-24 00:00 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
9.8 |
CRITICAL
Network
|
openaev
|
openaev
|
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's…
Update
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-24467
|
2026-04-23 23:38 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host …
New
|
CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-6874
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate…
New
|
CWE-264
CWE-265
Permissions, Privileges, and Access Controls
Privilege Issues
|
CVE-2026-6878
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-1923
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2951
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-3844
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3361
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
7.2 |
HIGH
Network
|
-
|
-
|
The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up t…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5464
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.
New
|
CWE-862
Missing Authorization
|
CVE-2025-62104
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
