|
2541
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una falla de seguridad ha sido descubierta en 648540858 wvp-GB28181-pro hasta 2.7.4. Afectada es la función selectAll del archivo src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamPr…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4597
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2542
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter H…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4612
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2543
|
7.3 |
HIGH
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en itsourcecode Free Hotel Reservation System 1.0. Esto afecta una parte desconocida del archivo /hotel/admin/mod_users/index.php?view=edit&id=8 del componente…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4612
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2544
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sani…
|
CWE-89
SQL Injection
|
CVE-2026-2412
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2545
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied paramete…
|
CWE-89
SQL Injection
|
CVE-2026-4306
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2546
|
7.5 |
HIGH
Network
|
-
|
-
|
El plugin WP Job Portal para WordPress es vulnerable a una inyección SQL a través del parámetro 'radius' en todas las versiones hasta la 2.4.8, incluida esta, debido a un escape insuficiente del pará…
|
CWE-89
SQL Injection
|
CVE-2026-4306
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2547
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. T…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4613
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2548
|
7.3 |
HIGH
Network
|
-
|
-
|
Se encontró una vulnerabilidad en SourceCodester E-Commerce Site 1.0. Esta vulnerabilidad afecta código desconocido del archivo /products.PHP. La manipulación del argumento Search resulta en inyecció…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4613
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2549
|
6.5 |
MEDIUM
Network
|
-
|
-
|
El plugin Quiz and Survey Master (QSM) para WordPress es vulnerable a inyección SQL a través del parámetro 'merged_question' en todas las versiones hasta la 10.3.5, inclusive. Esto se debe a una sani…
|
CWE-89
SQL Injection
|
CVE-2026-2412
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2550
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function o…
|
CWE-862
Missing Authorization
|
CVE-2026-3225
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
