|
1471
|
8.8 |
HIGH
Network
|
-
|
-
|
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2026-7489
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1472
|
7.2 |
HIGH
Network
|
-
|
-
|
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7490
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1473
|
- |
|
-
|
-
|
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.
This issue affects OpenConcerto: 1.7.5.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-6499
|
2026-05-6 05:14 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1474
|
- |
|
-
|
-
|
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.
This issue affects OpenConcerto: 1.7.5.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-6500
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1475
|
- |
|
-
|
-
|
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
|
CWE-611
XXE
|
CVE-2026-6501
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1476
|
8.8 |
HIGH
Adjacent
|
google
|
android
|
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-0073
|
2026-05-6 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1477
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42796
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1478
|
7.1 |
HIGH
Local
|
-
|
-
|
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
|
CWE-23
Relative Path Traversal
|
CVE-2026-43616
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1479
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated rem…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-32834
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1480
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41471
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
