|
3621
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KE…
|
CWE-259
CWE-798
Use of Hard-coded Password
Use of Hard-coded Credentials
|
CVE-2026-8032
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3622
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such man…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-8033
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3623
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery.
This issue affects BEAR: from n/a through 1.1.5.
|
CWE-352
Origin Validation Error
|
CVE-2026-27415
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3624
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
|
CWE-416
Use After Free
|
CVE-2026-8001
|
2026-05-7 23:05 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3625
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
|
CWE-416
Use After Free
|
CVE-2026-8002
|
2026-05-7 23:03 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3626
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security seve…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8003
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3627
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS.
This issue affects WEN Logo Slider: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2025-62127
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3628
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Bus Ticket…
|
CWE-862
Missing Authorization
|
CVE-2025-66105
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3629
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection.
This issue affects Team Member: from n/a through …
|
CWE-89
SQL Injection
|
CVE-2025-68060
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3630
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.
This issue affects WPGraphQL: from n/a through 2.5.3.
|
CWE-352
Origin Validation Error
|
CVE-2025-68604
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
