|
331
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects QR Redirector: from n/a through 2.0.3.
New
|
CWE-862
Missing Authorization
|
CVE-2026-24545
|
2026-05-26 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De…
New
|
CWE-791
CWE-1336
Incomplete Filtering of Special Elements
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-9498
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali…
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-9497
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be exe…
New
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2026-9486
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument …
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9485
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file class…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-9484
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
4.4 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48849
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
7.2 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48848
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
3.7 |
LOW
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48847
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information di…
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48846
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
