|
4701
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affect…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39611
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4702
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
|
CWE-862
Missing Authorization
|
CVE-2026-39612
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4703
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue a…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39613
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4704
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for Word…
|
CWE-862
Missing Authorization
|
CVE-2026-39614
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4705
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager:…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39615
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4706
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39616
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4707
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.
|
CWE-352
Origin Validation Error
|
CVE-2026-39617
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4708
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.
|
CWE-352
Origin Validation Error
|
CVE-2026-39618
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4709
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-39619
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4710
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.
|
CWE-352
Origin Validation Error
|
CVE-2026-39620
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
