|
5871
|
6.1 |
MEDIUM
Network
|
-
|
-
|
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Att…
|
CWE-79
Cross-site Scripting
|
CVE-2023-54349
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5872
|
8.8 |
HIGH
Network
|
-
|
-
|
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2023-54348
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5873
|
7.5 |
HIGH
Network
|
-
|
-
|
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers c…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2023-54347
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5874
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file path…
|
CWE-538
File and Directory Information Exposure
|
CVE-2023-54346
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5875
|
8.8 |
HIGH
Network
|
-
|
-
|
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr…
|
CWE-94
Code Injection
|
CVE-2023-54345
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5876
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface.…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54344
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5877
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54342
|
2026-05-5 21:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5878
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up t…
|
CWE-862
Missing Authorization
|
CVE-2026-3601
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5879
|
7.5 |
HIGH
Network
|
-
|
-
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due…
|
CWE-89
SQL Injection
|
CVE-2026-3359
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5880
|
7.5 |
HIGH
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path…
|
CWE-22
Path Traversal
|
CVE-2026-5192
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
