6.9

CVSS4.0

CVE-2026-7633 - Totolink N300RH cstecgi.cgi setUploadSetting file inclusion

A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mighโ€ฆ

๐Ÿ“… Published: May 2, 2026, 2 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 2 p.m.

6.9

CVSS4.0

CVE-2026-7632 - code-projects Online Hospital Management System viewappointment.php sql injection

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly diโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:45 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 7:46 p.m.

5.3

CVSS4.0

CVE-2026-7631 - code-projects Online Hospital Management System Registration improper authorization

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has beenโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:30 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1:30 p.m.

6.4

CVSS3.1

CVE-2026-0703 - NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Crosโ€ฆ

The NextMove Lite โ€“ Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. โ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:26 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1:26 p.m.

8.1

CVSS3.1

CVE-2026-2554 - WCFM โ€“ Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7โ€ฆ

The WCFM โ€“ Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' userโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:26 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1:26 p.m.

5.3

CVSS3.1

CVE-2026-3504 - Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Informatiโ€ฆ

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/{id}/reviews' REST API endpoint. This is due to the 'prepare_reviews_for_response' method incโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:26 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1:26 p.m.

6.9

CVSS4.0

CVE-2026-7630 - innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote exploโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1:15 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1:15 p.m.

5.3

CVSS4.0

CVE-2026-7629 - kleneway awesome-cursor-mpc-server Ccode-Review Tool codeReview.ts runCodeReviewTool command injectโ€ฆ

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has beโ€ฆ

๐Ÿ“… Published: May 2, 2026, 1 p.m. ๐Ÿ”„ Last Modified: May 2, 2026, 1 p.m.

5.3

CVSS4.0

CVE-2026-7628 - crazyrabbitLTC mcp-code-review-server RepoMix repomix.ts executeRepomix command injection

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exโ€ฆ

๐Ÿ“… Published: May 2, 2026, noon ๐Ÿ”„ Last Modified: May 2, 2026, noon

5.5

CVSS3.1

CVE-2026-6525 - NULL Pointer Dereference in Wireshark

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

๐Ÿ“… Published: May 2, 2026, 11:33 a.m. ๐Ÿ”„ Last Modified: May 2, 2026, 11:33 a.m.
Total resulsts: 347708
Page 2 of 34,771
ยซ previous page ยป next page
Filters