|
3661
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GeoDirectory: from n/a through 2.8.157.
|
CWE-862
Missing Authorization
|
CVE-2026-42671
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3662
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Ki…
|
CWE-89
SQL Injection
|
CVE-2026-42672
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3663
|
7.5 |
HIGH
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensit…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42673
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3664
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding.
This issue affects Advanced Access Manager: from n/a through 7.1.0.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42674
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3665
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Hydra Booking: from n/a through 1.1.41.
|
CWE-862
Missing Authorization
|
CVE-2026-42675
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3666
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.
This issue affects myCred: from n/a through 3.0.4.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42676
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3667
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP Document Revisions: from n/a be…
|
CWE-862
Missing Authorization
|
CVE-2026-42677
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3668
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS.
This issue affects GiveWP: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42678
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3669
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal.
This issue affects Classified Listing: from n…
|
CWE-22
Path Traversal
|
CVE-2026-42679
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3670
|
6.5 |
MEDIUM
Network
|
rust-lang
|
cargo
|
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na…
|
CWE-647
Use of Non-Canonical URL Paths for Authorization Decisions
|
CVE-2026-5222
|
2026-06-2 02:56 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
