|
2191
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cl…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6982
|
2026-04-28 03:42 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2192
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Paramete…
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-6994
|
2026-04-28 03:42 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2193
|
8.8 |
HIGH
Network
|
-
|
-
|
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hsc…
|
CWE-269
Improper Privilege Management
|
CVE-2026-7106
|
2026-04-28 03:38 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2194
|
7.7 |
HIGH
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42379
|
2026-04-28 03:37 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2195
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in imp…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7109
|
2026-04-28 03:37 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2196
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a before …
|
CWE-89
SQL Injection
|
CVE-2026-22336
|
2026-04-28 03:37 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2197
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-22337
|
2026-04-28 03:37 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2198
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42410
|
2026-04-28 03:37 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2199
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7121
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2200
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ar…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7122
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
