|
221
|
9.8 |
CRITICAL
Network
|
victoralagwu
|
cmssite
|
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET req…
Update
|
CWE-89
SQL Injection
|
CVE-2019-25697
|
2026-04-18 01:41 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
7.1 |
HIGH
Network
|
montala
|
resourcespace
|
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection…
Update
|
CWE-352
CWE-89
Origin Validation Error
SQL Injection
|
CVE-2019-25693
|
2026-04-18 01:37 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
7.8 |
HIGH
Local
|
socusoft
|
html5_video_player
|
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payl…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25689
|
2026-04-18 01:19 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
6.1 |
MEDIUM
Network
|
dynalon
|
mdwiki
|
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2017-20239
|
2026-04-18 01:19 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
6.1 |
MEDIUM
Network
|
lollms
|
lollms
|
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-1116
|
2026-04-18 01:18 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compon…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6497
|
2026-04-18 01:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiter…
New
|
CWE-521
Weak Password Requirements
|
CVE-2026-6284
|
2026-04-18 01:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.
New
|
CWE-89
SQL Injection
|
CVE-2026-37749
|
2026-04-18 01:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
- |
|
-
|
-
|
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
New
|
CWE-77
Command Injection
|
CVE-2026-21709
|
2026-04-18 01:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
6.5 |
MEDIUM
Network
|
phoca
|
maps
|
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-23900
|
2026-04-18 01:15 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
