|
3871
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername ca…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5838
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3872
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5839
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3873
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4336
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3874
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5840
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3875
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5842
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3876
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipul…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-5847
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3877
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-5848
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3878
|
7.6 |
HIGH
Network
|
freescout
|
freescout
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging cus…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39384
|
2026-04-25 03:03 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3879
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-2519
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3880
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3005
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
