|
3101
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una falla de seguridad ha sido descubierta en PbootCMS hasta la versión 3.2.12. Esto afecta una función desconocida del archivo core/function/file.php del componente Carga de Archivos. La manipulació…
|
CWE-183
CWE-184
Permissive List of Allowed Inputs
Incomplete Blacklist
|
CVE-2026-4509
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3102
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipu…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4510
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3103
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Se ha identificado una debilidad en PbootCMS hasta 3.2.12. Esto afecta a la función alert_location del archivo apps/home/controller/MemberController.php del componente Gestor de Parámetros. Esta mani…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4510
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3104
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin de shortcodes fyyd podcast para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los shortcodes 'fyyd-podcast', 'fyyd-episode' y 'fyyd' en todas las versiones hasta la …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4084
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3105
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp_random_button' shortcode in all versions up t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4086
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3106
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin WP Random Button para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los atributos del shortcode 'cat', 'nocat' y 'text' del shortcode 'wp_random_button' en todas las…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4086
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3107
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_spe…
|
CWE-862
Missing Authorization
|
CVE-2026-4127
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3108
|
4.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Speedup Optimization para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.5.9 inclusive. La función speedup01_ajax_enabled(), que maneja la acción AJAX …
|
CWE-862
Missing Authorization
|
CVE-2026-4127
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3109
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed…
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-4511
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3110
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una vulnerabilidad de seguridad ha sido detectada en vanna-ai vanna hasta la versión 2.0.2. Afectada es la función exec del archivo /src/vanna/legacy. Dicha manipulación conduce a inyección. El ataqu…
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-4511
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
