|
1991
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_emai…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7015
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1992
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7016
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1993
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/…
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-7018
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1994
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServl…
|
CWE-22
Path Traversal
|
CVE-2026-7024
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1995
|
7.8 |
HIGH
Local
|
-
|
-
|
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description l…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7039
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1996
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7042
|
2026-04-29 10:00 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1997
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-7041
|
2026-04-29 10:00 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1998
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The …
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7043
|
2026-04-29 10:00 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1999
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can …
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7044
|
2026-04-29 10:00 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2000
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the componen…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7058
|
2026-04-29 10:00 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
