Medium
CVSS: 5.3
Yayın: 2026-04-19 19:16:14
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument So…
Medium
CVSS: 6.9
Yayın: 2026-04-19 14:16:11
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credential…
Medium
CVSS: 5.3
Yayın: 2026-04-19 13:16:46
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side reque…
Medium
CVSS: 6.3
Yayın: 2026-04-19 13:16:45
A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fi…
Medium
CVSS: 5.3
Yayın: 2026-04-19 12:16:33
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to author…
Medium
CVSS: 5.1
Yayın: 2026-04-19 12:16:32
A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attac…
Medium
CVSS: 6.9
Yayın: 2026-04-19 11:16:14
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentica…
Medium
CVSS: 6.9
Yayın: 2026-04-19 10:16:09
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path cause…
Medium
CVSS: 5.3
Yayın: 2026-04-19 10:16:08
A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit…
High
CVSS: 7.4
Yayın: 2026-04-19 09:16:11
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the att…
Medium
CVSS: 6.9
Yayın: 2026-04-19 09:16:10
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote…
Medium
CVSS: 5.1
Yayın: 2026-04-19 08:16:26
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is p…
High
CVSS: 7.4
Yayın: 2026-04-19 07:16:05
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed…
Medium
CVSS: 5.3
Yayın: 2026-04-19 06:16:10
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. U…
Medium
CVSS: 6.4
Yayın: 2026-04-19 04:16:10
The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output esca…
Unknown
CVSS: -
Yayın: 2026-04-18 23:16:12
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Critical
CVSS: 9.4
Yayın: 2026-04-18 17:16:13
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that…
Unknown
CVSS: -
Yayın: 2026-04-18 14:16:10
The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm co…
Medium
CVSS: 6.4
Yayın: 2026-04-18 12:16:11
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it poss…
Medium
CVSS: 5.4
Yayın: 2026-04-18 10:16:12
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input…