|
4841
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id c…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5829
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4842
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5831
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4843
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the comp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5832
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4844
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/f…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3568
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4845
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', '…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3574
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4846
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4429
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4847
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name resul…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5834
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4848
|
2.4 |
LOW
Network
|
-
|
-
|
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argumen…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5835
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4849
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but per…
|
CWE-862
Missing Authorization
|
CVE-2026-4124
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4850
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5357
|
2026-04-25 03:03 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
