| 1201 | 7.5 | HIGH | Network | huawei | harmonyos | UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | CWE-362 Race Condition | CVE-2026-34856 | 2026-04-16 13:47 | 2026-04-13 |
| 1202 | 6.5 | MEDIUM | Network | huawei | harmonyos | Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | CWE-284 Improper Access Control | CVE-2026-34860 | 2026-04-16 13:45 | 2026-04-13 |
| 1203 | 6.4 | MEDIUM | Network | - | - | The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the galler… | CWE-79 Cross-site Scripting | CVE-2026-5070 | 2026-04-16 13:17 | 2026-04-16 |
| 1204 | 6.1 | MEDIUM | Network | - | - | The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient inpu… | CWE-79 Cross-site Scripting | CVE-2026-4032 | 2026-04-16 13:17 | 2026-04-16 |
| 1205 | 6.4 | MEDIUM | Network | - | - | The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanit… | CWE-79 Cross-site Scripting | CVE-2026-3878 | 2026-04-16 13:17 | 2026-04-16 |
| 1206 | 6.4 | MEDIUM | Network | - | - | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to… | CWE-79 Cross-site Scripting | CVE-2026-3885 | 2026-04-16 12:16 | 2026-04-16 |
| 1207 | 6.4 | MEDIUM | Network | - | - | The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitiza… | CWE-79 Cross-site Scripting | CVE-2026-3299 | 2026-04-16 11:16 | 2026-04-16 |
| 1208 | 6.3 | MEDIUM | Network | geosolutionsgroup | geonode | GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attack… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-39922 | 2026-04-16 10:16 | 2026-04-11 |
| 1209 | 6.3 | MEDIUM | Network | geosolutionsgroup | geonode | GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbou… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-39921 | 2026-04-16 10:16 | 2026-04-11 |
| 1210 | 9.8 | CRITICAL | Network | - | - | The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication… | CWE-269 Improper Privilege Management | CVE-2026-4880 | 2026-04-16 09:16 | 2026-04-16 |