|
1581
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …
|
CWE-284
CWE-285
Improper Access Control
Improper Authorization
|
CVE-2025-67259
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5506
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5508
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1584
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4330
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1585
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5169
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4654
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4655
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1396
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: io: Extract user memory type in ioremap_prot()
The only caller of ioremap_prot() outside of the generic ioremap()
implemen…
|
NVD-CWE-noinfo
|
CVE-2026-23346
|
2026-04-25 03:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
arm64: io: Extraer el tipo de memoria de usuario en ioremap_prot()
El único llamador de ioremap_prot() fuera de la implementació…
|
NVD-CWE-noinfo
|
CVE-2026-23346
|
2026-04-25 03:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
