|
1901
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8839
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1902
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11412
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1903
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The at…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11435
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1904
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performi…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11436
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1905
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due …
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-9016
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1906
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9594
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1907
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and i…
|
CWE-89
SQL Injection
|
CVE-2026-9829
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1908
|
7.2 |
HIGH
Network
|
-
|
-
|
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateU…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9851
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1909
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation caus…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11406
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1910
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-11437
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
