|
3001
|
8.8 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-25360
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3002
|
8.8 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de deserialización de datos no confiables en rascals Vex vex permite la inyección de objetos. Este problema afecta a Vex: desde n/a hasta < 1.2.9.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-25360
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3003
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from …
|
CWE-79
Cross-site Scripting
|
CVE-2026-25361
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3004
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en magepeopleteam WpEvently mage-eventpress permite XSS Reflejado. Este problema a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25361
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3005
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a t…
|
CWE-862
Missing Authorization
|
CVE-2026-25365
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3006
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad de autorización faltante en Özgür KARALAR Kargo Takip kargo-takip-turkiye permite explotar niveles de seguridad de control de acceso incorrectamente configurados. Este problema afecta …
|
CWE-862
Missing Authorization
|
CVE-2026-25365
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3007
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1.
|
CWE-94
Code Injection
|
CVE-2026-25366
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3008
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de Control Inadecuado de la Generación de Código ('Inyección de Código') en Themeisle Woody ad snippets insert-PHP permite la Inyección de Código. Este problema afecta a Woody ad snipp…
|
CWE-94
Code Injection
|
CVE-2026-25366
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3009
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Pr…
|
CWE-89
SQL Injection
|
CVE-2026-25371
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3010
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('inyección SQL') en King-Theme Lumise Product Designer lumise permite inyección SQL ciega. Este probl…
|
CWE-89
SQL Injection
|
CVE-2026-25371
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
