|
4501
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the arg…
|
CWE-189
CWE-190
Numeric Errors
Integer Overflow or Wraparound
|
CVE-2026-4985
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4502
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argu…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-4990
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4503
|
8.0 |
HIGH
Network
|
-
|
-
|
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag…
|
CWE-285
Improper Authorization
|
CVE-2026-4248
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4504
|
8.0 |
HIGH
Network
|
-
|
-
|
El plugin Ultimate Member para WordPress es vulnerable a la exposición de información sensible en todas las versiones hasta e incluyendo la 2.11.2. Esto se debe a que la etiqueta de plantilla '{userm…
|
CWE-285
Improper Authorization
|
CVE-2026-4248
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4505
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Perfo…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4991
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4506
|
3.5 |
LOW
Network
|
-
|
-
|
Una vulnerabilidad fue detectada en QDOCS Smart School Management System hasta la versión 7.2. El elemento afectado es una función desconocida del archivo /admin/enquiry del componente Módulo de Cons…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4991
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4507
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulati…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4992
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4508
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en wandb OpenUI hasta la versión 1.0. Esto afecta a la función create_share/get_share del archivo backend/openui/server.py del componente HTMLAnnotator Component. …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4992
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4509
|
7.5 |
HIGH
Network
|
-
|
-
|
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the crea…
|
CWE-20
Improper Input Validation
|
CVE-2026-4987
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4510
|
7.5 |
HIGH
Network
|
-
|
-
|
El plugin SureForms – Contact Form, Payment Form & Other Custom Form Builder para WordPress es vulnerable a la Omisión de Cantidad de Pago en todas las versiones hasta la 2.5.2, inclusive. Esto s…
|
CWE-20
Improper Input Validation
|
CVE-2026-4987
|
2026-04-25 01:36 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
