|
2131
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the…
|
CWE-22
Path Traversal
|
CVE-2026-5258
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2132
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/contro…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5259
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2133
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argumen…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5261
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2134
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a man…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-1879
|
2026-04-25 03:12 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2135
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-5313
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2136
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is …
|
CWE-79
Cross-site Scripting
|
CVE-2025-13535
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2137
|
2.5 |
LOW
Local
|
-
|
-
|
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptograph…
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-5310
|
2026-04-25 03:12 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2138
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5126
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2139
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en SourceCodester RSS Feed Parser 1.0. Este problema afecta a la función file_get_contents. Esta manipulación provoca falsificación de petición del lado del servid…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5126
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2140
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website res…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5147
|
2026-04-25 03:11 |
2026-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
