|
2991
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Ho…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7546
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2992
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd result…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7548
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2993
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argumen…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7549
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2994
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7550
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2995
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of the argumen…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7553
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2996
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. Thi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13362
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2997
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6127
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2998
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql inje…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7555
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2999
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. E…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7578
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3000
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'hand…
|
CWE-352
Origin Validation Error
|
CVE-2026-3140
|
2026-05-2 00:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
