26082 matches found
CVE-2026-6483
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...
CVE-2026-23779
creationtimestamp| type| source ---|---|--- 2026-04-17 10:45:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjoqmfwsst2r...
CVE-2026-6439
creationtimestamp| type| source ---|---|--- 2026-04-17 10:23:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjopg5kzre2f 2026-04-17 11:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjotaarzaz2u...
CVE-2026-4817
creationtimestamp| type| source ---|---|--- 2026-04-17 06:55:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjodqwhbqp2f 2026-04-17 08:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjoj6ezi7t2i...
CVE-2026-40459
creationtimestamp| type| source ---|---|--- 2026-04-17 06:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2026-40458 2026-04-17 14:43:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjp5wiubzo2f 2026-04-17 15:15:54+00:00| seen|...
CVE-2026-5807
creationtimestamp| type| source ---|---|--- 2026-04-17 06:50:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjodhxzg7k2r 2026-04-17 07:16:22+00:00| seen| Telegram/tG2JfBYkK87mHaeOPjoo4KUhb5Z5XakpvfcfSoidkAS14Y 2026-04-17 12:54:36+00:00| seen|...
EUVD-2026-23364
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...
GHSA-67CG-CPJ7-QGC9
creationtimestamp| type| source ---|---|--- 2026-04-17 05:18:08+00:00| published-proof-of-concept| Telegram/MfRD7ll8pGcGi3RGemlsgII30sQ-Y2l5bpdSqMK2BdYlKE...
GHSA-F443-95CF-M837
creationtimestamp| type| source ---|---|--- 2026-04-17 05:18:08+00:00| published-proof-of-concept| Telegram/MfRD7ll8pGcGi3RGemlsgII30sQ-Y2l5bpdSqMK2BdYlKE...
CVE-2026-6080
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...
GHSA-XQ3M-2V4X-88GG
creationtimestamp| type| source ---|---|--- 2026-04-17 04:00:00+00:00| published-proof-of-concept| https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg 2026-04-17 04:00:00+00:00| confirmed|...
CVE-2026-6080
The CVE describes a SQL Injection in the WordPress Tutor LMS plugin (versions ≤ 3.9.8). Root cause: insufficient escaping on the 'date' parameter and direct interpolation into a SQL fragment before $wpdb->prepare(), enabling authenticated Admin+ attackers to append extra SQL queries and extrac...
CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...
CVE-2026-6080
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...
CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...
CVE-2026-22734
creationtimestamp| type| source ---|---|--- 2026-04-17 02:53:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjnwasdz5c26 2026-04-17 03:16:02+00:00| published-proof-of-concept| Telegram/OCRuCpCrMYyNHl7tK2WvZ5-EwER3iqlB4XvdcqwHWSldrs 2026-04-17 16:00:32+00:00| seen|...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions = 3.9.8...
GHSA-VW86-C94W-V3X4
creationtimestamp| type| source ---|---|--- 2026-04-17 01:16:10+00:00| published-proof-of-concept| Telegram/L7r3B6HZ1No5mrz6jolg2h46aKqgVbGrSL49d6iAO6fVY...
GHSA-7M5H-W69J-QGGG
creationtimestamp| type| source ---|---|--- 2026-04-17 01:16:10+00:00| published-proof-of-concept| Telegram/L7r3B6HZ1No5mrz6jolg2h46aKqgVbGrSL49d6iAO6fVY...
GHSA-X63Q-3RCJ-HHP5
creationtimestamp| type| source ---|---|--- 2026-04-17 01:16:10+00:00| published-proof-of-concept| Telegram/L7r3B6HZ1No5mrz6jolg2h46aKqgVbGrSL49d6iAO6fVY...