|
331
|
9.3 |
CRITICAL
Network
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more comp…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42849
|
2026-06-3 06:16 |
2026-06-3 |
|
332
|
- |
|
-
|
-
|
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper UR…
New
|
CWE-601
Open Redirect
|
CVE-2026-41569
|
2026-06-3 06:16 |
2026-06-3 |
|
333
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View P…
New
|
CWE-99
Resource Injection
|
CVE-2026-10624
|
2026-06-3 06:16 |
2026-06-3 |
|
334
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack…
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-10620
|
2026-06-3 06:16 |
2026-06-3 |
|
335
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authenticatio…
New
|
CWE-287
Improper Authentication
|
CVE-2026-10619
|
2026-06-3 06:16 |
2026-06-3 |
|
336
|
7.5 |
HIGH
Network
|
-
|
-
|
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This i…
New
|
CWE-89
SQL Injection
|
CVE-2026-5073
|
2026-06-3 05:56 |
2026-06-3 |
|
337
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This…
New
|
CWE-89
SQL Injection
|
CVE-2026-5074
|
2026-06-3 05:56 |
2026-06-3 |
|
338
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset k…
New
|
CWE-287
Improper Authentication
|
CVE-2026-5076
|
2026-06-3 05:56 |
2026-06-3 |
|
339
|
9.8 |
CRITICAL
Network
|
synology
|
beestation_os
|
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via …
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-12686
|
2026-06-3 05:43 |
2026-05-27 |
|
340
|
9.8 |
CRITICAL
Network
|
synology
|
diskstation_manager
|
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2025-13392
|
2026-06-3 05:42 |
2026-05-27 |