| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7571 | Hig | 0.39 | 7.1 | 0.00 | May 19, 2026 | A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can… | ||
| CVE-2026-7507 | Hig | 0.42 | 7.5 | 0.00 | May 19, 2026 | A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the… | ||
| CVE-2026-7504 | Hig | 0.46 | 8.1 | 0.01 | May 19, 2026 | A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or… | ||
| CVE-2026-7307 | Hig | 0.42 | 7.5 | 0.01 | May 19, 2026 | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS)… | ||
| CVE-2026-8827 | — | Hig | 0.53 | — | 0.00 | May 19, 2026 | The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom… | |
| CVE-2026-8727 | Hig | 0.46 | — | 0.00 | May 19, 2026 | The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation… | ||
| CVE-2026-8726 | Hig | 0.46 | — | 0.00 | May 19, 2026 | The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news… | ||
| CVE-2026-46586 | Hig | 0.57 | 8.8 | 0.01 | May 19, 2026 | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version… | ||
| CVE-2026-31910 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | ||
| CVE-2026-31909 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | ||
| CVE-2026-29226 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | ||
| CVE-2026-47314 | Hig | 0.44 | 7.8 | 0.00 | May 19, 2026 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||
| CVE-2026-8813 | Hig | 0.42 | 7.5 | 0.01 | May 19, 2026 | This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array… | ||
| CVE-2026-47311 | Hig | 0.44 | 7.8 | 0.00 | May 19, 2026 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||
| CVE-2026-47310 | Hig | 0.44 | 7.8 | 0.00 | May 19, 2026 | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||
| CVE-2025-15609 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc. | ||
| CVE-2026-27648 | Hig | 0.57 | 8.8 | 0.01 | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | ||
| CVE-2026-25781 | Hig | 0.55 | 8.4 | 0.00 | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. | ||
| CVE-2026-24792 | Hig | 0.53 | 8.1 | 0.00 | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | ||
| CVE-2026-22069 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | ||
| CVE-2026-33233 | Hig | 0.49 | 7.6 | 0.00 | May 19, 2026 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path… | ||
| CVE-2026-33232 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption.… | ||
| CVE-2026-32323 | Hig | 0.40 | 7.3 | 0.00 | May 19, 2026 | Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying… | ||
| CVE-2026-30950 | Hig | 0.39 | 7.1 | 0.00 | May 18, 2026 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of… | ||
| CVE-2026-27891 | Hig | 0.40 | 7.2 | 0.01 | May 18, 2026 | FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a… | ||
| CVE-2026-8851 | Hig | 0.53 | 8.1 | 0.00 | May 18, 2026 | SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls… | ||
| CVE-2026-4137 | Hig | 0.44 | 7.8 | 0.00 | May 18, 2026 | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py`… | ||
| CVE-2026-26978 | Hig | 0.49 | — | 0.01 | May 18, 2026 | FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX… | ||
| CVE-2026-22810 | Hig | 0.46 | 8.2 | 0.00 | May 18, 2026 | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the… | ||
| CVE-2026-45367 | hig | 0.38 | — | 0.00 | May 18, 2026 | ## Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions `matches()`, `matchesFull()`, and `replaceMatches()` pass user-controlled regular expressions directly to Java's… | ||
| CVE-2026-47092 | Hig | 0.44 | 7.8 | 0.01 | May 18, 2026 | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud… | ||
| CVE-2026-45245 | Hig | 0.41 | 7.4 | 0.00 | May 18, 2026 | Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying… | ||
| CVE-2026-45242 | Hig | 0.39 | 7.1 | 0.00 | May 18, 2026 | Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter.… | ||
| CVE-2026-45495 | Hig | 0.57 | 8.8 | 0.01 | May 18, 2026 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2026-29963 | Hig | 0.49 | 7.5 | 0.01 | May 18, 2026 | HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote… | ||
| CVE-2026-29962 | Hig | 0.49 | 7.5 | 0.00 | May 18, 2026 | HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate… | ||
| CVE-2026-45363 | hig | 0.39 | — | 0.00 | May 18, 2026 | `JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. ```… | ||
| CVE-2026-41085 | Hig | 0.57 | 8.8 | 0.00 | May 18, 2026 | Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces. | ||
| CVE-2026-45325 | hig | 0.39 | — | 0.00 | May 18, 2026 | ### Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath(). ### Patches A fix is available in versions 20260509.0340.15 and up. | ||
| CVE-2026-45270 | hig | 0.45 | — | 0.00 | May 18, 2026 | ## Summary The `Pages` backend module registers the `html_purify` validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages (`Home::index()` → `app/Views/templates/default/pages.php`) emits… | ||
| CVE-2025-57282 | Hig | 0.57 | 8.8 | 0.01 | May 18, 2026 | ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. | ||
| CVE-2025-56352 | Hig | 0.42 | 7.5 | 0.00 | May 18, 2026 | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a… | ||
| CVE-2026-39079 | Hig | 0.49 | 7.5 | 0.00 | May 18, 2026 | An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components | ||
| CVE-2026-26462 | — | Hig | 0.47 | 7.3 | 0.00 | May 18, 2026 | Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs… | |
| CVE-2026-45135 | hig | 0.38 | — | 0.00 | May 18, 2026 | ### Summary The FastCGI transport's `splitPos()` in [`modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go`](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the… | ||
| CVE-2026-42009 | Hig | 0.42 | 7.5 | 0.01 | May 18, 2026 | A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate… | ||
| CVE-2026-0983 | Hig | 0.46 | — | 0.00 | May 18, 2026 | Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash | ||
| CVE-2026-7498 | — | Hig | 0.57 | 8.8 | 0.00 | May 18, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025. | |
| CVE-2026-6902 | Hig | 0.50 | — | 0.00 | May 18, 2026 | A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | ||
| CVE-2026-6347 | Hig | 0.42 | 7.6 | 0.00 | May 18, 2026 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present… |
- risk 0.39cvss 7.1epss 0.00
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can…
- risk 0.42cvss 7.5epss 0.00
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the…
- risk 0.46cvss 8.1epss 0.01
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or…
- risk 0.42cvss 7.5epss 0.01
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS)…
- risk 0.53cvss —epss 0.00
The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom…
- risk 0.46cvss —epss 0.00
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation…
- risk 0.46cvss —epss 0.00
The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news…
- risk 0.57cvss 8.8epss 0.01
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version…
- risk 0.49cvss 7.5epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
- risk 0.49cvss 7.5epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
- risk 0.47cvss 7.3epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
- risk 0.44cvss 7.8epss 0.00
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
- risk 0.42cvss 7.5epss 0.01
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array…
- risk 0.44cvss 7.8epss 0.00
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
- risk 0.44cvss 7.8epss 0.00
Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
- risk 0.49cvss 7.5epss 0.00
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.
- risk 0.57cvss 8.8epss 0.01
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- risk 0.55cvss 8.4epss 0.00
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
- risk 0.53cvss 8.1epss 0.00
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- risk 0.47cvss 7.3epss 0.00
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
- risk 0.49cvss 7.6epss 0.00
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path…
- risk 0.49cvss 7.5epss 0.00
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption.…
- risk 0.40cvss 7.3epss 0.00
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying…
- risk 0.39cvss 7.1epss 0.00
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of…
- risk 0.40cvss 7.2epss 0.01
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a…
- risk 0.53cvss 8.1epss 0.00
SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls…
- risk 0.44cvss 7.8epss 0.00
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py`…
- risk 0.49cvss —epss 0.01
FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX…
- risk 0.46cvss 8.2epss 0.00
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the…
- risk 0.38cvss —epss 0.00
## Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions `matches()`, `matchesFull()`, and `replaceMatches()` pass user-controlled regular expressions directly to Java's…
- risk 0.44cvss 7.8epss 0.01
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud…
- risk 0.41cvss 7.4epss 0.00
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying…
- risk 0.39cvss 7.1epss 0.00
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter.…
- risk 0.57cvss 8.8epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.01
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote…
- risk 0.49cvss 7.5epss 0.00
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate…
- risk 0.39cvss —epss 0.00
`JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. ```…
- risk 0.57cvss 8.8epss 0.00
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.
- risk 0.39cvss —epss 0.00
### Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath(). ### Patches A fix is available in versions 20260509.0340.15 and up.
- risk 0.45cvss —epss 0.00
## Summary The `Pages` backend module registers the `html_purify` validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages (`Home::index()` → `app/Views/templates/default/pages.php`) emits…
- risk 0.57cvss 8.8epss 0.01
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
- risk 0.42cvss 7.5epss 0.00
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a…
- risk 0.49cvss 7.5epss 0.00
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components
- risk 0.47cvss 7.3epss 0.00
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs…
- risk 0.38cvss —epss 0.00
### Summary The FastCGI transport's `splitPos()` in [`modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go`](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the…
- risk 0.42cvss 7.5epss 0.01
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate…
- risk 0.46cvss —epss 0.00
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
- risk 0.57cvss 8.8epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025.
- risk 0.50cvss —epss 0.00
A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks.
- risk 0.42cvss 7.6epss 0.00
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present…