|
2461
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a thr…
|
CWE-862
Missing Authorization
|
CVE-2026-45210
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2462
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affe…
|
CWE-89
SQL Injection
|
CVE-2026-45211
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2463
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset …
|
CWE-862
Missing Authorization
|
CVE-2026-45212
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2464
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a thro…
|
CWE-89
SQL Injection
|
CVE-2026-45213
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2465
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xp…
|
CWE-89
SQL Injection
|
CVE-2026-45214
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2466
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through <= 4.3.0.
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-45215
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2467
|
7.7 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a t…
|
CWE-89
SQL Injection
|
CVE-2026-45218
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2468
|
4.8 |
MEDIUM
Network
|
weblate
|
wlc
|
wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42150
|
2026-05-12 23:00 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2469
|
3.3 |
LOW
Network
|
kimai
|
kimai
|
Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to …
|
CWE-862
Missing Authorization
|
CVE-2026-41498
|
2026-05-12 22:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2470
|
6.5 |
MEDIUM
Network
|
onyx
|
onyx
|
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42277
|
2026-05-12 22:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
