|
5731
|
7.5 |
HIGH
Network
|
-
|
-
|
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al…
|
CWE-89
SQL Injection
|
CVE-2026-7649
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5732
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio…
|
CWE-862
Missing Authorization
|
CVE-2026-4024
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5733
|
7.2 |
HIGH
Network
|
-
|
-
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce v…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5324
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5734
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interfac…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7593
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5735
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument …
|
CWE-22
Path Traversal
|
CVE-2026-7594
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5736
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7595
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5737
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7596
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5738
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Perf…
|
CWE-22
Path Traversal
|
CVE-2026-7599
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5739
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulati…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7600
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5740
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denia…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7601
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
