| 4431 | 7.5 | HIGH Network | - | - | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker… | CWE-22 Path Traversal | CVE-2026-6320 | 2026-05-6 04:15 | 2026-05-2 |
| 4432 | 5.8 | MEDIUM Network | - | - | The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input saniti… | CWE-79 Cross-site Scripting | CVE-2026-6817 | 2026-05-6 04:15 | 2026-05-2 |
| 4433 | 7.3 | HIGH Network | - | - | A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulatio… | CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read | CVE-2026-7668 | 2026-05-6 04:15 | 2026-05-3 |
| 4434 | 6.3 | MEDIUM Network | - | - | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. … | CWE-74 CWE-77 Injection Command Injection | CVE-2026-7628 | 2026-05-6 04:15 | 2026-05-2 |
| 4435 | 6.4 | MEDIUM Network | - | - | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and includ… | CWE-79 Cross-site Scripting | CVE-2026-0703 | 2026-05-6 04:15 | 2026-05-2 |
| 4436 | 8.1 | HIGH Network | - | - | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-2554 | 2026-05-6 04:15 | 2026-05-2 |
| 4437 | 5.3 | MEDIUM Network | - | - | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/… | CWE-200 Information Exposure | CVE-2026-3504 | 2026-05-6 04:15 | 2026-05-2 |
| 4438 | 7.3 | HIGH Network | - | - | A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of … | CWE-287 Improper Authentication | CVE-2026-7630 | 2026-05-6 04:15 | 2026-05-2 |
| 4439 | 5.4 | MEDIUM Network | - | - | A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument U… | CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization | CVE-2026-7631 | 2026-05-6 04:15 | 2026-05-2 |
| 4440 | 7.3 | HIGH Network | - | - | A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid cause… | CWE-74 CWE-89 Injection SQL Injection | CVE-2026-7632 | 2026-05-6 04:15 | 2026-05-2 |