|
1401
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4330
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1402
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5169
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1403
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4654
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1404
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4655
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1405
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1396
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1406
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: io: Extract user memory type in ioremap_prot()
The only caller of ioremap_prot() outside of the generic ioremap()
implemen…
|
NVD-CWE-noinfo
|
CVE-2026-23346
|
2026-04-25 03:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1407
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
arm64: io: Extraer el tipo de memoria de usuario en ioremap_prot()
El único llamador de ioremap_prot() fuera de la implementació…
|
NVD-CWE-noinfo
|
CVE-2026-23346
|
2026-04-25 03:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1408
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the co…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5532
|
2026-04-25 03:14 |
2026-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1409
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5533
|
2026-04-25 03:14 |
2026-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1410
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5534
|
2026-04-25 03:14 |
2026-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
