|
2781
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6725
|
2026-04-28 15:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2782
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6551
|
2026-04-28 15:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2783
|
7.2 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overfl…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7219
|
2026-04-28 13:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2784
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipu…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7218
|
2026-04-28 12:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2785
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-of…
|
CWE-22
CWE-36
Path Traversal
Absolute Path Traversal
|
CVE-2026-7217
|
2026-04-28 12:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2786
|
7.2 |
HIGH
Network
|
-
|
-
|
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could al…
|
CWE-78
OS Command
|
CVE-2026-1460
|
2026-04-28 12:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2787
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with a…
|
CWE-78
OS Command
|
CVE-2026-0711
|
2026-04-28 12:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2788
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulati…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7204
|
2026-04-28 10:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2789
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7203
|
2026-04-28 10:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2790
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7202
|
2026-04-28 10:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
