|
1441
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the applicati…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41459
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1442
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an i…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-34415
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1443
|
7.1 |
HIGH
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in re…
|
CWE-22
Path Traversal
|
CVE-2026-34414
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1444
|
8.6 |
HIGH
Network
|
-
|
-
|
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unaut…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-34413
|
2026-04-25 05:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1445
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elem…
|
CWE-862
Missing Authorization
|
CVE-2025-68085
|
2026-04-25 05:16 |
2025-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1446
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Sh…
|
CWE-79
Cross-site Scripting
|
CVE-2025-68079
|
2026-04-25 05:16 |
2025-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1447
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issu…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-68071
|
2026-04-25 05:16 |
2025-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1448
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-68066
|
2026-04-25 05:16 |
2025-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1449
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from …
|
CWE-89
SQL Injection
|
CVE-2025-68055
|
2026-04-25 05:16 |
2025-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1450
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_…
|
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
|
CWE-843
Type Confusion
|
CVE-2026-20806
|
2026-04-25 05:16 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
