|
641
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9629
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
642
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all vers…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1291
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
643
|
7.2 |
HIGH
Network
|
-
|
-
|
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5513
|
2026-06-16 05:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
644
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-12175
|
2026-06-16 05:42 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
645
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-12176
|
2026-06-16 05:42 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
646
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controll…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-12188
|
2026-06-16 05:42 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
647
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authori…
|
CWE-285
CWE-939
Improper Authorization
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-12190
|
2026-06-16 05:42 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
648
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Ha…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12186
|
2026-06-16 05:42 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
649
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online …
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12187
|
2026-06-16 05:42 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
650
|
7.8 |
HIGH
Local
|
-
|
-
|
A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation …
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-12191
|
2026-06-16 05:42 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
