| 861 | 9.8 | CRITICAL | Network | - | - | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat… | Update | CWE-77 CWE-78 | Command Injection OS Command | CVE-2026-7037 | 2026-04-28 03:50 | 2026-04-26 |
| 862 | 3.3 | LOW | Local | - | - | A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficientl… | Update | CWE-522 | Insufficiently Protected Credentials | CVE-2026-7038 | 2026-04-28 03:50 | 2026-04-26 |
| 863 | 6.3 | MEDIUM | Network | - | - | A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spri… | Update | CWE-74 CWE-707 | Injection Improper Enforcement of Message or Data Structure | CVE-2026-7045 | 2026-04-28 03:50 | 2026-04-27 |
| 864 | 5.3 | MEDIUM | Network | - | - | A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing… | Update | CWE-22 | Path Traversal | CVE-2026-7059 | 2026-04-28 03:50 | 2026-04-27 |
| 865 | 7.3 | HIGH | Network | - | - | A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Exe… | Update | CWE-74 CWE-89 | Injection SQL Injection | CVE-2026-7002 | 2026-04-28 03:46 | 2026-04-26 |
| 866 | 6.3 | MEDIUM | Network | - | - | A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cl… | Update | CWE-74 CWE-89 | Injection SQL Injection | CVE-2026-6982 | 2026-04-28 03:42 | 2026-04-26 |
| 867 | 5.3 | MEDIUM | Network | - | - | A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. T… | Update | CWE-441 | Confused Deputy | CVE-2026-6993 | 2026-04-28 03:42 | 2026-04-26 |
| 868 | 6.3 | MEDIUM | Network | - | - | A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Paramete… | Update | CWE-74 CWE-707 | Injection Improper Enforcement of Message or Data Structure | CVE-2026-6994 | 2026-04-28 03:42 | 2026-04-26 |
| 869 | 8.8 | HIGH | Network | - | - | The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hsc… | New | CWE-269 | Improper Privilege Management | CVE-2026-7106 | 2026-04-28 03:38 | 2026-04-27 |
| 870 | 7.7 | HIGH | Network | - | - | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.6.1. | New | CWE-201 | Insertion of Sensitive Information Into Sent Data | CVE-2026-42379 | 2026-04-28 03:37 | 2026-04-27 |