|
1811
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5842
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipul…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-5847
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-5848
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
7.6 |
HIGH
Network
|
freescout
|
freescout
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging cus…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39384
|
2026-04-25 03:03 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-2519
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3005
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
6.6 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a…
|
CWE-287
Improper Authentication
|
CVE-2026-5959
|
2026-04-25 03:02 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executi…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-5960
|
2026-04-25 03:02 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument po…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5961
|
2026-04-25 03:02 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id result…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5985
|
2026-04-25 03:02 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
