|
381
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the u…
New
|
CWE-89
SQL Injection
|
CVE-2026-8653
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
7.5 |
HIGH
Network
|
-
|
-
|
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. Thi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-10737
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection.
This issue affects Photo Gallery by 10W…
New
|
CWE-89
SQL Injection
|
CVE-2026-49771
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.
This issue affects WP eMember: from…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-49077
|
2026-06-4 22:53 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
8.8 |
HIGH
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability all…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-46837
|
2026-06-4 22:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
7.4 |
HIGH
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability al…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-46818
|
2026-06-4 22:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
9.8 |
CRITICAL
Network
|
oracle
|
e-business_suite
|
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allo…
Update
|
CWE-269
CWE-287
CWE-306
Improper Privilege Management
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-46817
|
2026-06-4 22:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
4.9 |
MEDIUM
Network
|
progress
|
sitefinity
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used co…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-7313
|
2026-06-4 22:12 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
7.5 |
HIGH
Network
|
progress
|
sitefinity
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.844…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-7312
|
2026-06-4 22:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
8.1 |
HIGH
Network
|
progress
|
sitefinity
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-7195
|
2026-06-4 21:51 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
