|
3751
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t…
|
CWE-94
CWE-184
Code Injection
Incomplete Blacklist
|
CVE-2026-44287
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3752
|
7.5 |
HIGH
Network
|
-
|
-
|
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intende…
|
CWE-22
Path Traversal
|
CVE-2026-10108
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3753
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10110
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3754
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10111
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3755
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site s…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10112
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3756
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manip…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10113
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3757
|
7.5 |
HIGH
Network
|
-
|
-
|
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the ev…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-7459
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3758
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint.…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10116
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3759
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of serv…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10117
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3760
|
8.8 |
HIGH
Network
|
-
|
-
|
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible f…
|
CWE-269
Improper Privilege Management
|
CVE-2026-7465
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
