|
3491
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4895
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3492
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-6105
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3493
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-4979
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3494
|
8.8 |
HIGH
Network
|
-
|
-
|
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo…
|
CWE-269
Improper Privilege Management
|
CVE-2026-5144
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3495
|
7.2 |
HIGH
Network
|
-
|
-
|
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5217
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3496
|
7.1 |
HIGH
Network
|
-
|
-
|
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action han…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-5809
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3497
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6106
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3498
|
3.5 |
LOW
Network
|
-
|
-
|
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware.…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6107
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3499
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mod…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-6108
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3500
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/efi: defer freeing of boot services memory
efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE
and EFI_B…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23352
|
2026-04-25 02:59 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
