|
171
|
3.5 |
LOW
Network
|
-
|
-
|
The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7083
|
2026-04-20 23:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6648
|
2026-04-20 22:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulati…
|
CWE-22
Path Traversal
|
CVE-2026-6636
|
2026-04-20 21:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. …
|
CWE-287
Improper Authentication
|
CVE-2026-6635
|
2026-04-20 21:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the ar…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-6634
|
2026-04-20 21:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6633
|
2026-04-20 21:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
- |
|
-
|
-
|
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path:
1. resolves symlink to…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-5958
|
2026-04-20 21:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulatio…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6632
|
2026-04-20 20:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipul…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6631
|
2026-04-20 20:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of th…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6630
|
2026-04-20 20:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
