|
1991
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5839
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1992
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4336
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1993
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5840
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1994
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5842
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1995
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipul…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-5847
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1996
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-5848
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1997
|
7.6 |
HIGH
Network
|
freescout
|
freescout
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging cus…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39384
|
2026-04-25 03:03 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1998
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-2519
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1999
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3005
|
2026-04-25 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2000
|
6.6 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a…
|
CWE-287
Improper Authentication
|
CVE-2026-5959
|
2026-04-25 03:02 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
