| 3271 | - | | - | - | An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing … | CWE-863: Incorrect Authorization | CVE-2026-54398 | 2026-06-16 05:46 | 2026-06-13 |
| 3272 | 3.5 | LOW Network | - | - | A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interf… | CWE-79, CWE-94: Cross-site Scripting, Code Injection | CVE-2026-12129 | 2026-06-16 05:42 | 2026-06-13 |
| 3273 | 3.5 | LOW Network | - | - | A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The m… | CWE-79, CWE-94: Cross-site Scripting, Code Injection | CVE-2026-12130 | 2026-06-16 05:42 | 2026-06-13 |
| 3274 | 4.3 | MEDIUM Network | - | - | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n… | CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2026-24618 | 2026-06-16 05:42 | 2026-06-13 |
| 3275 | 6.3 | MEDIUM Network | - | - | A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Pay… | CWE-74, CWE-89: Injection, SQL Injection | CVE-2026-12131 | 2026-06-16 05:42 | 2026-06-13 |
| 3276 | 4.9 | MEDIUM Network | - | - | The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() … | CWE-22: Path Traversal | CVE-2026-12089 | 2026-06-16 05:42 | 2026-06-13 |
| 3277 | 6.4 | MEDIUM Network | - | - | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insuf… | CWE-79: Cross-site Scripting | CVE-2026-3297 | 2026-06-16 05:42 | 2026-06-13 |
| 3278 | 7.5 | HIGH Network | - | - | The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4. The plugin hooks WordPress's `posts_request` f… | CWE-89: SQL Injection | CVE-2026-9848 | 2026-06-16 05:42 | 2026-06-13 |
| 3279 | 7.2 | HIGH Network | - | - | The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all… | CWE-79: Cross-site Scripting | CVE-2026-9109 | 2026-06-16 05:42 | 2026-06-13 |
| 3280 | 6.4 | MEDIUM Network | - | - | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31. This is due to an incomple… | CWE-79: Cross-site Scripting | CVE-2026-9134 | 2026-06-16 05:42 | 2026-06-13 |