|
2261
|
5.2 |
MEDIUM
Local
|
-
|
-
|
UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
|
CWE-284
Improper Access Control
|
CVE-2026-41984
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2262
|
5.1 |
MEDIUM
Local
|
-
|
-
|
UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
|
CWE-284
Improper Access Control
|
CVE-2026-41985
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2263
|
2.4 |
LOW
Physics
|
-
|
-
|
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-41986
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2264
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen…
|
CWE-94
Code Injection
|
CVE-2026-11393
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2265
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10862
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2266
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11620
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2267
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11621
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2268
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5714
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2269
|
7.2 |
HIGH
Network
|
-
|
-
|
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7556
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2270
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10024
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
