|
2451
|
5.3 |
MEDIUM
Local
|
-
|
-
|
Se ha descubierto una falla de seguridad en apconw Aix-DB hasta 1.2.3. Esto afecta una función desconocida del archivo agent/text2sql/rag/terminology_retriever.py. Realizar una manipulación del argum…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4530
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2452
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to den…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-4531
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2453
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Se ha identificado una debilidad en Free5GC 4.1.0. Afecta a la función HandleRegistrationComplete del archivo internal/gmm/handler.go del componente AMF. La ejecución de una manipulación puede conduc…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-4531
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2454
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3427
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2455
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Yoast SEO – Advanced SEO con guía en tiempo real e IA integrada para WordPress es vulnerable a cross-site scripting almacenado a través del atributo de bloque 'jsonText' en todas las versio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3427
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2456
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may …
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-4536
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2457
|
7.3 |
HIGH
Network
|
-
|
-
|
Se encontró una vulnerabilidad en Acrel Environmental Monitoring Cloud Platform 1.1.0. Este problema afecta algún procesamiento desconocido. Realizar una manipulación resulta en una carga sin restric…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-4536
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2458
|
8.8 |
HIGH
Network
|
-
|
-
|
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequ…
|
CWE-269
Improper Privilege Management
|
CVE-2026-4314
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2459
|
8.8 |
HIGH
Network
|
-
|
-
|
El plugin 'The Ultimate WordPress Toolkit – WP Extended' para WordPress es vulnerable a escalada de privilegios en todas las versiones hasta la 3.2.4, inclusive. Esto se debe a que el método `isDashb…
|
CWE-269
Improper Privilege Management
|
CVE-2026-4314
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2460
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-4537
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
