|
961
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user…
New
|
-
|
CVE-2026-10824
|
2026-06-25 23:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel (…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-10552
|
2026-06-25 23:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
7.1 |
HIGH
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engin…
New
|
CWE-79
CWE-184
Cross-site Scripting
Incomplete Blacklist
|
CVE-2026-54070
|
2026-06-25 23:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
5.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the docume…
New
|
CWE-706
CWE-863
Use of Incorrectly-Resolved Name or Reference
Incorrect Authorization
|
CVE-2026-54022
|
2026-06-25 23:12 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trai…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50698
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_do…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50699
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50700
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
- |
|
-
|
-
|
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50701
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50703
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50704
|
2026-06-25 23:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
