|
3061
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov…
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-7151
|
2026-05-1 03:22 |
2026-04-28 |
|
3062
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec…
|
CWE-77 CWE-78
Command Injection OS Command
|
CVE-2026-7119
|
2026-05-1 03:22 |
2026-04-27 |
|
3063
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att…
|
CWE-843
Type Confusion
|
CVE-2026-6732
|
2026-05-1 03:16 |
2026-04-24 |
|
3064
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component
|
CWE-79
Cross-site Scripting
|
CVE-2026-38940
|
2026-05-1 03:16 |
2026-05-1 |
|
3065
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component
|
CWE-79
Cross-site Scripting
|
CVE-2026-38939
|
2026-05-1 03:16 |
2026-05-1 |
|
3066
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any writeable path via a crafted POST request.
|
CWE-22
Path Traversal
|
CVE-2026-36767
|
2026-05-1 03:16 |
2026-05-1 |
|
3067
|
- |
|
-
|
-
|
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting …
|
-
|
CVE-2026-36766
|
2026-05-1 03:16 |
2026-05-1 |
|
3068
|
5.0 |
MEDIUM
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-36764
|
2026-05-1 03:16 |
2026-05-1 |
|
3069
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36763
|
2026-05-1 03:16 |
2026-05-1 |
|
3070
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36761
|
2026-05-1 03:16 |
2026-05-1 |
|