|
1591
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10581
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1592
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configur…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10583
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1593
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plug…
|
CWE-269
Improper Privilege Management
|
CVE-2026-8206
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1594
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2025-5085
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1595
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1450
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1596
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1451
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1597
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The mani…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10514
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1598
|
2.4 |
LOW
Network
|
-
|
-
|
A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJo…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10529
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1599
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up …
|
CWE-79
Cross-site Scripting
|
CVE-2026-10100
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1600
|
3.5 |
LOW
Network
|
-
|
-
|
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the com…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10567
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
