|
81
|
- |
|
-
|
-
|
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters …
New
|
-
|
CVE-2026-36827
|
2026-05-20 03:04 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell…
New
|
-
|
CVE-2026-36828
|
2026-05-20 03:04 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
7.5 |
HIGH
Network
|
-
|
-
|
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when run…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47356
|
2026-05-20 02:59 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
7.5 |
HIGH
Network
|
-
|
-
|
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/sca…
New
|
CWE-73
CWE-610
CWE-918
External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)
|
CVE-2026-47357
|
2026-05-20 02:59 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
- |
|
-
|
-
|
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.
…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-5511
|
2026-05-20 02:59 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
7.5 |
HIGH
Network
|
-
|
-
|
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM …
New
|
CWE-73
CWE-610
CWE-918
External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)
|
CVE-2026-47358
|
2026-05-20 02:59 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
7.5 |
HIGH
Network
|
-
|
-
|
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address…
New
|
CWE-348
Use of Less Trusted Source
|
CVE-2026-43634
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
7.5 |
HIGH
Network
|
-
|
-
|
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal metho…
New
|
CWE-862
Missing Authorization
|
CVE-2026-47100
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of …
New
|
CWE-94
CWE-917
Code Injection
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-2586
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
9.6 |
CRITICAL
Network
|
-
|
-
|
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and eval…
New
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-2587
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
