|
6251
|
5.9 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-8261
|
2026-05-13 23:47 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6252
|
7.5 |
HIGH
Network
|
pillarjs
|
multiparty
|
multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a lon…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-8159
|
2026-05-13 23:44 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6253
|
7.5 |
HIGH
Network
|
pillarjs
|
multiparty
|
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.proto…
|
CWE-248
CWE-1321
Uncaught Exception
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-8161
|
2026-05-13 23:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6254
|
7.5 |
HIGH
Network
|
pillarjs
|
multiparty
|
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter co…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-8162
|
2026-05-13 23:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6255
|
7.5 |
HIGH
Network
|
-
|
-
|
The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insuf…
|
CWE-89
SQL Injection
|
CVE-2026-1250
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6256
|
7.1 |
HIGH
Network
|
-
|
-
|
The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability…
|
CWE-862
Missing Authorization
|
CVE-2026-5371
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6257
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when …
|
CWE-862
Missing Authorization
|
CVE-2025-14755
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6258
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for …
|
CWE-200
Information Exposure
|
CVE-2025-9987
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6259
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak…
|
CWE-285
Improper Authorization
|
CVE-2025-9988
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6260
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2025-9989
|
2026-05-13 23:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
