|
1831
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-5999
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1832
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Perfor…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-6000
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1833
|
2.4 |
LOW
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument f…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6003
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1834
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id result…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6004
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1835
|
8.1 |
HIGH
Network
|
-
|
-
|
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method proce…
|
CWE-22
Path Traversal
|
CVE-2026-4351
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1836
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` …
|
CWE-287
Improper Authentication
|
CVE-2026-4664
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1837
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58 This…
|
CWE-862
Missing Authorization
|
CVE-2026-4977
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1838
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This man…
|
CWE-22
Path Traversal
|
CVE-2026-5998
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1839
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2305
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1840
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument he…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6005
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
