|
5641
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-4911
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5642
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundle…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4805
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5643
|
6.5 |
MEDIUM
Local
|
-
|
-
|
KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of …
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-41525
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5644
|
- |
|
-
|
-
|
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to prot…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-54013
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5645
|
- |
|
-
|
-
|
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be e…
|
CWE-78
OS Command
|
CVE-2024-54012
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5646
|
- |
|
-
|
-
|
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has r…
|
CWE-20
Improper Input Validation
|
CVE-2024-54011
|
2026-04-28 17:15 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5647
|
5.9 |
MEDIUM
Network
|
-
|
-
|
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registe…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-40356
|
2026-04-28 16:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5648
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6809
|
2026-04-28 15:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5649
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6725
|
2026-04-28 15:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5650
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6551
|
2026-04-28 15:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
