|
2131
|
8.8 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…
|
CWE-78 CWE-116
OS Command; Improper Encoding or Escaping of Output
|
CVE-2026-44713
|
2026-05-28 22:57 |
2026-05-28 |
|
2132
|
7.4 |
HIGH
Network
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o…
|
CWE-284
Improper Access Control
|
CVE-2026-47269
|
2026-05-28 22:57 |
2026-05-28 |
|
2133
|
6.3 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage…
|
CWE-362
Race Condition
|
CVE-2026-47270
|
2026-05-28 22:57 |
2026-05-28 |
|
2134
|
6.1 |
MEDIUM
Network
|
apache
|
echarts
|
A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic.
This issue affects Apache ECharts versions before 6.1.0.
In versions prior to 6.1.0,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45249
|
2026-05-28 22:48 |
2026-05-25 |
|
2135
|
6.5 |
MEDIUM
Network
|
apache
|
shiro
|
Default configurations of Apache Shiro have a session fixation vulnerability.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommended to upgrade to version 2.1.1…
|
CWE-384
Session Fixation
|
CVE-2026-43827
|
2026-05-28 22:47 |
2026-05-26 |
|
2136
|
6.5 |
MEDIUM
Network
|
apache
|
shiro
|
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommen…
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-43828
|
2026-05-28 22:45 |
2026-05-26 |
|
2137
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_…
|
CWE-862
Missing Authorization
|
CVE-2026-4888
|
2026-05-28 22:45 |
2026-05-28 |
|
2138
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action_get_event_data due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9228
|
2026-05-28 22:45 |
2026-05-28 |
|
2139
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth…
|
CWE-352
Origin Validation Error
|
CVE-2026-7533
|
2026-05-28 22:45 |
2026-05-28 |
|
2140
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-9644
|
2026-05-28 22:45 |
2026-05-28 |
|