| 1211 | 6.5 | MEDIUM | Network | - | - | The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization … | New | CWE-22 Path Traversal | CVE-2026-4280 | 2026-04-23 05:22 | 2026-04-22 |
| 1212 | 4.3 | MEDIUM | Network | - | - | The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() fun… | New | CWE-352 Origin Validation Error | CVE-2026-6294 | 2026-04-23 05:22 | 2026-04-22 |
| 1213 | 6.4 | MEDIUM | Network | - | - | The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficien… | New | CWE-79 Cross-site Scripting | CVE-2026-1395 | 2026-04-23 05:22 | 2026-04-22 |
| 1214 | 6.4 | MEDIUM | Network | - | - | The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient in… | New | CWE-79 Cross-site Scripting | CVE-2026-1913 | 2026-04-23 05:22 | 2026-04-22 |
| 1215 | 4.3 | MEDIUM | Network | - | - | The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and inclu… | New | CWE-862 Missing Authorization | CVE-2026-1930 | 2026-04-23 05:22 | 2026-04-22 |
| 1216 | 4.3 | MEDIUM | Network | - | - | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2. | New | CWE-352 Origin Validation Error | CVE-2025-58922 | 2026-04-23 05:22 | 2026-04-23 |
| 1217 | 5.3 | MEDIUM | Network | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can cra… | Update | CWE-776 XML Entity Expansion | CVE-2026-40260 | 2026-04-23 05:16 | 2026-04-17 |
| 1218 | 6.1 | MEDIUM | Local | opencryptoki_project | opencryptoki | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but n… | Update | CWE-125 Out-of-bounds Read | CVE-2026-40253 | 2026-04-23 05:15 | 2026-04-17 |
| 1219 | 7.3 | HIGH | Local | anthropic | claude_code | Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without va… | Update | CWE-426 Untrusted Search Path | CVE-2026-35603 | 2026-04-23 03:45 | 2026-04-18 |
| 1220 | 4.8 | MEDIUM | Network | cryptomator | cryptomator | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass t… | Update | CWE-305 Authentication Bypass by Primary Weakness; CWE-319 Cleartext Transmission of Sensitive Information | CVE-2026-33472 | 2026-04-23 03:44 | 2026-04-17 |