|
631
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interf…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-12129
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The m…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-12130
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.
This issue affects Hash Elements: from n…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-24618
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Pay…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-12131
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() …
|
CWE-22
Path Traversal
|
CVE-2026-12089
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3297
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4 The plugin hooks WordPress's `posts_request` f…
|
CWE-89
SQL Injection
|
CVE-2026-9848
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
7.2 |
HIGH
Network
|
-
|
-
|
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9109
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomple…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9134
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayer_sav…
|
CWE-863
Incorrect Authorization
|
CVE-2026-2470
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
