|
1181
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6127
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql inje…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7555
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() fun…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-7567
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. E…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7578
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'hand…
|
CWE-352
Origin Validation Error
|
CVE-2026-3140
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and '…
|
CWE-352
Origin Validation Error
|
CVE-2026-3772
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argum…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7580
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to pe…
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-7581
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax…
|
CWE-862
Missing Authorization
|
CVE-2026-3143
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Ha…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2026-7582
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
