|
1951
|
- |
|
-
|
-
|
Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11994
|
2026-06-23 04:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1952
|
7.5 |
HIGH
Network
|
-
|
-
|
The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all versions up to, and including, 6.3.…
|
CWE-22
Path Traversal
|
CVE-2026-11911
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1953
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction A…
|
CWE-94
Code Injection
|
CVE-2024-58351
|
2026-06-23 04:16 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1954
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by imp…
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2024-51454
|
2026-06-23 04:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1955
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter.…
|
CWE-89
SQL Injection
|
CVE-2019-25761
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1956
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. …
|
CWE-89
SQL Injection
|
CVE-2019-25755
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1957
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type…
|
CWE-89
SQL Injection
|
CVE-2019-25752
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1958
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter.…
|
CWE-89
SQL Injection
|
CVE-2019-25749
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1959
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parame…
|
CWE-89
SQL Injection
|
CVE-2017-20264
|
2026-06-23 04:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1960
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely.
The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoc…
|
CWE-338
CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generation of Predictable Numbers or Identifiers
|
CVE-2026-9692
|
2026-06-23 03:45 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
