|
1851
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BR…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6037
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1852
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argum…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6038
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1853
|
3.3 |
LOW
Local
|
-
|
-
|
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results …
|
CWE-404
CWE-407
Improper Resource Shutdown or Release
Inefficient Algorithmic Complexity
|
CVE-2026-6042
|
2026-04-25 03:01 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1854
|
7.1 |
HIGH
Network
|
-
|
-
|
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to per…
|
CWE-862
Missing Authorization
|
CVE-2026-4162
|
2026-04-25 03:00 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1855
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro videopro allows PHP Local File Inclusion.This issue affe…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-58913
|
2026-04-25 03:00 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1856
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato cerato allows Reflected XSS.This issue affects Cerato: from n/a through <= 2.2…
|
CWE-79
Cross-site Scripting
|
CVE-2025-58920
|
2026-04-25 03:00 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1857
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.Th…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-5804
|
2026-04-25 03:00 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1858
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3498
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1859
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied para…
|
CWE-89
SQL Injection
|
CVE-2026-5207
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1860
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient outp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5226
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
