|
2781
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through <…
|
CWE-22
Path Traversal
|
CVE-2026-22448
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2782
|
7.5 |
HIGH
Network
|
-
|
-
|
Limitación incorrecta de un nombre de ruta a un directorio restringido ('Salto de ruta') vulnerabilidad en flexcubed PitchPrint pitchprint permite Salto de ruta. Este problema afecta a PitchPrint: de…
|
CWE-22
Path Traversal
|
CVE-2026-22448
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2783
|
7.2 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a thro…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-22480
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2784
|
7.2 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de deserialización de datos no confiables en WebToffee Product Feed for WooCommerce webtoffee-product-feed permite la inyección de objetos. Este problema afecta a Product Feed for WooC…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-22480
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2785
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from …
|
CWE-89
SQL Injection
|
CVE-2026-22484
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2786
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyección SQL') vulnerabilidad en pebas Lisfinity Core lisfinity-core permite la inyección SQL. Este problema afecta a…
|
CWE-89
SQL Injection
|
CVE-2026-22484
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2787
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n…
|
CWE-862
Missing Authorization
|
CVE-2026-22485
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2788
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad de autorización faltante en Ruhul Amin My Album Gallery my-album-gallery permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema…
|
CWE-862
Missing Authorization
|
CVE-2026-22485
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2789
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22491
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2790
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en wphocus My auctions allegro my-auctions-allegro-free-edition permite XSS Reflej…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22491
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
