|
541
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Fileli…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8133
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
3.3 |
LOW
Local
|
-
|
-
|
A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. …
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8124
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow.…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8138
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insuffi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5341
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7650
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
8.8 |
HIGH
Network
|
-
|
-
|
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and …
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-5127
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
7.2 |
HIGH
Network
|
-
|
-
|
The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST par…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7330
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, 3.3.2. This is due to the custom p…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7475
|
2026-05-9 00:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parame…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8125
|
2026-05-9 00:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. T…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8132
|
2026-05-9 00:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
