|
3931
|
8.8 |
HIGH
Network
|
fortinet
|
fortindr
|
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions…
|
CWE-89
SQL Injection
|
CVE-2026-25088
|
2026-05-19 02:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3932
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortideceptor
|
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2…
|
CWE-88
Argument Injection
|
CVE-2026-25690
|
2026-05-19 02:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3933
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi…
|
CWE-617
Reachable Assertion
|
CVE-2026-8843
|
2026-05-19 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3934
|
9.1 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi…
|
CWE-20
CWE-400
CWE-626
Improper Input Validation
Uncontrolled Resource Consumption
Null Byte Interaction Error (Poison Null Byte)
|
CVE-2026-42579
|
2026-05-19 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3935
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2021-47959
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3936
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-47965
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3937
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37233
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3938
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37235
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3939
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f…
|
CWE-22
Path Traversal
|
CVE-2021-47977
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3940
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers …
|
CWE-22
Path Traversal
|
CVE-2021-47979
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
