|
1541
|
2.4 |
LOW
Physics
|
-
|
-
|
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-41986
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1542
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen…
|
CWE-94
Code Injection
|
CVE-2026-11393
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1543
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10862
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1544
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11620
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1545
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11621
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1546
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5714
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1547
|
7.2 |
HIGH
Network
|
-
|
-
|
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7556
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1548
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10024
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1549
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo…
|
CWE-352
Origin Validation Error
|
CVE-2026-10553
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1550
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10738
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
