|
1701
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argumen…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5261
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1702
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a man…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-1879
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1703
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-5313
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1704
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is …
|
CWE-79
Cross-site Scripting
|
CVE-2025-13535
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1705
|
2.5 |
LOW
Local
|
-
|
-
|
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptograph…
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-5310
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1706
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5126
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1707
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en SourceCodester RSS Feed Parser 1.0. Este problema afecta a la función file_get_contents. Esta manipulación provoca falsificación de petición del lado del servid…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5126
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1708
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website res…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5147
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1709
|
7.3 |
HIGH
Network
|
-
|
-
|
Una vulnerabilidad de seguridad ha sido descubierta en YunaiV yudao-cloud hasta 2026.01. Esto afecta una parte desconocida del archivo /admin-api/system/tenant/get-by-website. La manipulación del arg…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5147
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1710
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5125
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
