|
2251
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Se encontró una vulnerabilidad en elecV2 elecV2P hasta la versión 3.8.3. El elemento afectado es la función path.join del archivo /log/ del componente Wildcard Handler. La manipulación resulta en sal…
|
CWE-22
Path Traversal
|
CVE-2026-5014
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2252
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename cause…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5015
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2253
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Una vulnerabilidad fue determinada en elecV2 elecV2P hasta la versión 3.8.3. El elemento afectado es una función desconocida del archivo /logs del componente Endpoint. Esta manipulación del argumento…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5015
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2254
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-si…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5016
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2255
|
7.3 |
HIGH
Network
|
-
|
-
|
Una vulnerabilidad fue identificada en elecV2 elecV2P hasta 3.8.3. Esto afecta la función eAxios del archivo /mock del componente URL Gestor. Dicha manipulación del argumento req conduce a falsificac…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5016
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2256
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2602
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2257
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Twentig para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro 'featuredImageSizeWidth' en versiones hasta la 1.9.7, inclusive, debido a una sanitización de e…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2602
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2258
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5023
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2259
|
5.3 |
MEDIUM
Local
|
-
|
-
|
Se ha encontrado una vulnerabilidad en DeDeveloper23 codebase-mcp hasta 3ec749d237dd8eabbeef48657cf917275792fde6. Esta vulnerabilidad afecta a la función getCodebase/getRemoteCodebase/saveCodebase de…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5023
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2260
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the a…
|
CWE-99
Resource Injection
|
CVE-2026-5031
|
2026-04-25 01:36 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
