|
4791
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.Thi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39703
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4792
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Ac…
|
CWE-862
Missing Authorization
|
CVE-2026-39704
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4793
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Mul…
|
CWE-862
Missing Authorization
|
CVE-2026-39705
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4794
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a throug…
|
CWE-862
Missing Authorization
|
CVE-2026-39706
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4795
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.T…
|
CWE-862
Missing Authorization
|
CVE-2026-39707
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4796
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/queue: Call fini on exec queue creation fail
Every call to queue init should have a corresponding fini call.
Skipping this…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23350
|
2026-04-25 03:05 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4797
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
drm/xe/queue: Llamar a fini al fallar la creación de la cola de ejecución
Cada llamada a init de cola debería tener una llamada …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23350
|
2026-04-25 03:05 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4798
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39708
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4799
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-39709
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4800
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2…
|
CWE-352
Origin Validation Error
|
CVE-2026-39710
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
