| 3091 | 6.3 | MEDIUM | Network | - | - | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the … | CWE-74 Injection; CWE-77 Command Injection | CVE-2026-8345 | 2026-05-12 23:09 | 2026-05-12 |
| 3092 | 6.3 | MEDIUM | Network | - | - | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | CWE-74 Injection; CWE-77 Command Injection | CVE-2026-8346 | 2026-05-12 23:09 | 2026-05-12 |
| 3093 | 4.3 | MEDIUM | Network | onyx | onyx | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-42276 | 2026-05-12 23:08 | 2026-05-8 |
| 3094 | 7.1 | HIGH | Network | legeling | prompthub | PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/sk… | CWE-20 Improper Input Validation; CWE-693 Protection Mechanism Failure; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42261 | 2026-05-12 23:06 | 2026-05-8 |
| 3095 | 6.4 | MEDIUM | Network | - | - | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-base… | CWE-79 Cross-site Scripting | CVE-2026-2300 | 2026-05-12 23:03 | 2026-05-12 |
| 3096 | 7.5 | HIGH | Network | - | - | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and … | CWE-89 SQL Injection | CVE-2026-2993 | 2026-05-12 23:03 | 2026-05-12 |
| 3097 | 8.2 | HIGH | Network | - | - | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53. | CWE-862 Missing Authorization | CVE-2026-39432 | 2026-05-12 23:03 | 2026-05-12 |
| 3098 | 4.9 | MEDIUM | Network | - | - | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and including, 2.8.1 due to insufficien… | CWE-79 Cross-site Scripting | CVE-2026-3604 | 2026-05-12 23:03 | 2026-05-12 |
| 3099 | 4.3 | MEDIUM | Network | - | - | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | CWE-862 Missing Authorization | CVE-2026-4301 | 2026-05-12 23:03 | 2026-05-12 |
| 3100 | 6.4 | MEDIUM | Network | - | - | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 du… | CWE-79 Cross-site Scripting | CVE-2026-4859 | 2026-05-12 23:03 | 2026-05-12 |