7.3

CVSS3.1

CVE-2026-3880 - Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.

📅 Published: April 3, 2026, 11:41 a.m. 🔄 Last Modified: April 7, 2026, 7:55 a.m.

7.3

CVSS3.1

CVE-2026-3879 - Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.

📅 Published: April 3, 2026, 11:33 a.m. 🔄 Last Modified: April 7, 2026, 7:55 a.m.

7.3

CVSS3.1

CVE-2026-28703 - Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.

📅 Published: April 3, 2026, 11:29 a.m. 🔄 Last Modified: April 7, 2026, 7:55 a.m.

7.3

CVSS3.1

CVE-2026-28756 - Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.

📅 Published: April 3, 2026, 11:11 a.m. 🔄 Last Modified: April 7, 2026, 7:55 a.m.

7.3

CVSS3.1

CVE-2026-28754 - Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.

📅 Published: April 3, 2026, 10:08 a.m. 🔄 Last Modified: April 7, 2026, 7:55 a.m.

8.1

CVSS3.1

CVE-2026-4350 - Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any sanitization, authorization check, or nonce verif…

📅 Published: April 3, 2026, 7:41 a.m. 🔄 Last Modified: April 24, 2026, 6:13 p.m.

5.6

CVSS4.0

CVE-2025-7024 - Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affect…

📅 Published: April 3, 2026, 7:30 a.m. 🔄 Last Modified: April 3, 2026, 9:17 p.m.

4.8

CVSS4.0

CVE-2026-5462 - Wahoo Fitness SYSTM App com.WahooFitness.SYSTM BuildConfig.java hard-coded key

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of hard-coded cryptographic…

📅 Published: April 3, 2026, 7:15 a.m. 🔄 Last Modified: April 24, 2026, 6:13 p.m.

4.8

CVSS4.0

CVE-2026-5458 - Noelse Individuals & Pro App com.afone.noelse BuildConfig.java hard-coded key

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT_WRITE_KEY causes use of hard-coded cryptographic …

📅 Published: April 3, 2026, 7 a.m. 🔄 Last Modified: April 24, 2026, 6:13 p.m.

4.8

CVSS4.0

CVE-2026-5457 - PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument SEGMENT_ANDROID_WRI…

📅 Published: April 3, 2026, 6:30 a.m. 🔄 Last Modified: April 24, 2026, 6:13 p.m.
Total resulsts: 349182
Page 706 of 34,919
« previous page » next page
Filters