|
1971
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5826
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to s…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5827
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
8.8 |
HIGH
Network
|
-
|
-
|
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activat…
|
CWE-862
Missing Authorization
|
CVE-2026-4326
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid r…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5828
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id c…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5829
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5831
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the comp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5832
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/f…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3568
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', '…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3574
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4429
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
