|
1041
|
7.2 |
HIGH
Network
|
-
|
-
|
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateU…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9851
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
2.4 |
LOW
Network
|
-
|
-
|
A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting.…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11434
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1043
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The at…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11435
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performi…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11436
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation caus…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11406
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-11437
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromI…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11438
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of th…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11439
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the …
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11440
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation o…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11441
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
