|
341
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information discl…
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48845
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
7.5 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been …
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-48844
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
7.2 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure,…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48843
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
8.1 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
New
|
CWE-89
SQL Injection
|
CVE-2026-48842
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GamiPress: from n/a through 7.6.3.
New
|
CWE-862
Missing Authorization
|
CVE-2026-24546
|
2026-05-26 05:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results …
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-9483
|
2026-05-26 04:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer o…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9482
|
2026-05-26 04:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. Th…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9481
|
2026-05-26 04:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9480
|
2026-05-26 04:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9479
|
2026-05-26 03:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
