|
831
|
4.3 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploit…
New
|
CWE-200
Information Exposure
|
CVE-2026-22015
|
2026-04-24 00:01 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
6.5 |
MEDIUM
Network
|
oracle
|
mysql_server
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22017
|
2026-04-24 00:01 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
5.4 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_hcm_shared_components
|
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerabi…
New
|
CWE-284
Improper Access Control
|
CVE-2026-22019
|
2026-04-24 00:00 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host …
|
CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-6874
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate…
|
CWE-264
CWE-265
Permissions, Privileges, and Access Controls
Privilege Issues
|
CVE-2026-6878
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1923
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2951
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-3844
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3361
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
7.2 |
HIGH
Network
|
-
|
-
|
The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up t…
|
CWE-862
Missing Authorization
|
CVE-2026-5464
|
2026-04-23 23:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
