|
4711
|
8.8 |
HIGH
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5.
|
CWE-352
Origin Validation Error
|
CVE-2026-39621
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4712
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a thr…
|
CWE-862
Missing Authorization
|
CVE-2026-39622
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4713
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects …
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39623
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4714
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
|
CWE-862
Missing Authorization
|
CVE-2026-39624
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4715
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3.
|
CWE-80
Basic XSS
|
CVE-2026-39625
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4716
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.
|
CWE-80
Basic XSS
|
CVE-2026-39626
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4717
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266.
|
CWE-862
Missing Authorization
|
CVE-2026-39627
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4718
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <…
|
CWE-80
Basic XSS
|
CVE-2026-39628
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4719
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9.
|
CWE-80
Basic XSS
|
CVE-2026-39629
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4720
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39630
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
