|
651
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v…
New
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11620
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
652
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11621
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
653
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5714
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
654
|
7.2 |
HIGH
Network
|
-
|
-
|
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7556
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
655
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10024
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
656
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-10553
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
657
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10738
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
658
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to i…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11603
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
659
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach…
New
|
CWE-119
CWE-416
Incorrect Access of Indexable Resource ('Range Error')
Use After Free
|
CVE-2026-11623
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
660
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7662
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
