|
2641
|
8.8 |
HIGH
Network
|
-
|
-
|
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequ…
|
CWE-269
Improper Privilege Management
|
CVE-2026-4314
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2642
|
8.8 |
HIGH
Network
|
-
|
-
|
El plugin 'The Ultimate WordPress Toolkit – WP Extended' para WordPress es vulnerable a escalada de privilegios en todas las versiones hasta la 3.2.4, inclusive. Esto se debe a que el método `isDashb…
|
CWE-269
Improper Privilege Management
|
CVE-2026-4314
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2643
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-4537
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2644
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Se determinó una vulnerabilidad en Cudy TR1200 R46-2.4.15-20250721-164017. Se ve afectada la función action_ipsec_conn del archivo /usr/bin/lib/lua/luci/controller/ipsec.lua. La ejecución de una mani…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-4537
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2645
|
3.3 |
LOW
Local
|
-
|
-
|
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular e…
|
CWE-400
CWE-1333
Uncontrolled Resource Consumption
Inefficient Regular Expression Complexity
|
CVE-2026-4539
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2646
|
3.3 |
LOW
Local
|
-
|
-
|
Una falla de seguridad ha sido descubierta en pygments hasta la versión 2.19.2. El elemento afectado es la función AdlLexer del archivo pygments/lexers/archetype.py. La manipulación resulta en una co…
|
CWE-400
CWE-1333
Uncontrolled Resource Consumption
Inefficient Regular Expression Complexity
|
CVE-2026-4539
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2647
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4540
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2648
|
7.3 |
HIGH
Network
|
-
|
-
|
Una vulnerabilidad fue detectada en projectworlds Online Notes Sharing System 1.0. Este problema afecta a un procesamiento desconocido del archivo /login.php del componente Gestor de Parámetros. La m…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4540
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2649
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the ar…
|
CWE-22
Path Traversal
|
CVE-2026-4542
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2650
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en SSCMS 4.7.0. El elemento afectado es una función desconocida del archivo LayerImageController.Submit.cs del componente layerImage Endpoint. Dicha manipulación d…
|
CWE-22
Path Traversal
|
CVE-2026-4542
|
2026-04-25 01:32 |
2026-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
