|
3251
|
7.2 |
HIGH
Network
|
-
|
-
|
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5063
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3252
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipu…
|
CWE-22
Path Traversal
|
CVE-2026-7680
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3253
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the comp…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7681
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3254
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-7686
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3255
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7687
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3256
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMi…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7694
|
2026-05-6 04:13 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3257
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be i…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7703
|
2026-05-6 04:13 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3258
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path tra…
|
CWE-22
Path Traversal
|
CVE-2026-7704
|
2026-05-6 04:13 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3259
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to de…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7706
|
2026-05-6 04:13 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3260
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7708
|
2026-05-6 04:13 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
