| 3421 | 6.3 | MEDIUM | Network | - | - | A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipula… | CWE-77 (Command Injection), CWE-78 (OS Command) | CVE-2026-5831 | 2026-04-25 03:04 | 2026-04-9 |
| 3422 | 7.3 | HIGH | Network | - | - | A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the comp… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-5832 | 2026-04-25 03:04 | 2026-04-9 |
| 3423 | 4.3 | MEDIUM | Network | - | - | The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/f… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-3568 | 2026-04-25 03:04 | 2026-04-9 |
| 3424 | 4.4 | MEDIUM | Network | - | - | The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', '… | CWE-79 (Cross-site Scripting) | CVE-2026-3574 | 2026-04-25 03:04 | 2026-04-9 |
| 3425 | 6.4 | MEDIUM | Network | - | - | The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions… | CWE-79 (Cross-site Scripting) | CVE-2026-4429 | 2026-04-25 03:03 | 2026-04-9 |
| 3426 | 2.4 | LOW | Network | - | - | A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name resul… | CWE-79 (Cross-site Scripting), CWE-94 (Code Injection) | CVE-2026-5834 | 2026-04-25 03:03 | 2026-04-9 |
| 3427 | 2.4 | LOW | Network | - | - | A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argumen… | CWE-79 (Cross-site Scripting), CWE-94 (Code Injection) | CVE-2026-5835 | 2026-04-25 03:03 | 2026-04-9 |
| 3428 | 5.4 | MEDIUM | Network | - | - | The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but per… | CWE-862 (Missing Authorization) | CVE-2026-4124 | 2026-04-25 03:03 | 2026-04-9 |
| 3429 | 6.4 | MEDIUM | Network | - | - | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to i… | CWE-79 (Cross-site Scripting) | CVE-2026-5357 | 2026-04-25 03:03 | 2026-04-9 |
| 3430 | 5.3 | MEDIUM | Local | - | - | A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Id… | CWE-74 (Injection), CWE-77 (Command Injection) | CVE-2026-5833 | 2026-04-25 03:03 | 2026-04-9 |