|
1711
|
5.3 |
MEDIUM
Local
|
-
|
-
|
Una vulnerabilidad fue detectada en raine consult-llm-mcp hasta 2.5.3. Afectada por esta vulnerabilidad es la función child_process.execSync del archivo src/server.ts. La manipulación del argumento g…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5125
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1712
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail cause…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5148
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1713
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Se ha identificado una debilidad en YunaiV yudao-cloud hasta 2026.01. Esta vulnerabilidad afecta código desconocido del archivo /admin-api/system/mail-log/page. Esta manipulación del argumento toMail…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5148
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1714
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5150
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1715
|
7.3 |
HIGH
Network
|
-
|
-
|
Se ha detectado una vulnerabilidad de seguridad en code-projects Accounting System 1.0. Este problema afecta a un procesamiento desconocido del archivo /viewin_costumer.php del componente Gestor de P…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5150
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1716
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is …
|
CWE-94
Code Injection
|
CVE-2026-4257
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1717
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the ar…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5157
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1718
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Una vulnerabilidad fue identificada en code-projects Online Food Ordering System 1.0. Afecta a una función desconocida del archivo /form/order.php del componente Order Module. Dicha manipulación del …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5157
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1719
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function i…
|
CWE-285
Improper Authorization
|
CVE-2026-1710
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1720
|
6.5 |
MEDIUM
Network
|
-
|
-
|
El plugin WooPayments: Pagos Integrados de WooCommerce para WordPress es vulnerable a la modificación no autorizada de datos debido a una comprobación de capacidad faltante en la función 'save_upe_ap…
|
CWE-285
Improper Authorization
|
CVE-2026-1710
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
