| 31 | 8.8 | HIGH, Network | concretecms | concrete_cms | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS… (Update) | CWE-352, CWE-1275: Origin Validation Error, Sensitive Cookie with Improper SameSite Attribute | CVE-2026-8415 | 2026-05-27 03:58 | 2026-05-22 |
| 32 | 6.3 | MEDIUM, Network | - | - | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o… (New) | CWE-74, CWE-89: Injection, SQL Injection | CVE-2026-9342 | 2026-05-27 03:56 | 2026-05-24 |
| 33 | 7.3 | HIGH, Network | - | - | A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manip… (New) | CWE-74, CWE-89: Injection, SQL Injection | CVE-2026-9355 | 2026-05-27 03:56 | 2026-05-24 |
| 34 | 7.3 | HIGH, Network | - | - | A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of… (New) | CWE-74, CWE-89: Injection, SQL Injection | CVE-2026-9356 | 2026-05-27 03:56 | 2026-05-24 |
| 35 | 8.8 | HIGH, Network | - | - | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check … (New) | CWE-269: Improper Privilege Management | CVE-2026-6419 | 2026-05-27 03:55 | 2026-05-23 |
| 36 | 8.8 | HIGH, Network | - | - | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du… (New) | CWE-269: Improper Privilege Management | CVE-2026-6895 | 2026-05-27 03:55 | 2026-05-23 |
| 37 | 8.8 | HIGH, Network | - | - | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in… (New) | CWE-269: Improper Privilege Management | CVE-2026-6897 | 2026-05-27 03:55 | 2026-05-23 |
| 38 | 8.8 | HIGH, Network | - | - | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions… (New) | CWE-269: Improper Privilege Management | CVE-2026-6898 | 2026-05-27 03:55 | 2026-05-23 |
| 39 | 8.2 | HIGH, Network | - | - | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc… (New) | CWE-862: Missing Authorization | CVE-2026-9284 | 2026-05-27 03:55 | 2026-05-23 |
| 40 | 8.8 | HIGH, Network | concretecms | concrete_cms | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV… (Update) | CWE-352, CWE-1275: Origin Validation Error, Sensitive Cookie with Improper SameSite Attribute | CVE-2026-8416 | 2026-05-27 03:55 | 2026-05-22 |