|
361
|
- |
|
-
|
-
|
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-30810
|
2026-05-13 01:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
New
|
CWE-89
SQL Injection
|
CVE-2026-34187
|
2026-05-13 01:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363
|
- |
|
-
|
-
|
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)…
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-15633
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364
|
- |
|
-
|
-
|
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized…
New
|
CWE-862
Missing Authorization
|
CVE-2025-15634
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
365
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to pe…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44499
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366
|
5.3 |
MEDIUM
Network
|
-
|
-
|
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intend…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42028
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
367
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.
The built-in rand function is predictable, and unsuitable for cryptography.
Update
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6659
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
368
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server co…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41517
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
369
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verif…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-42193
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
370
|
3.4 |
LOW
Network
|
-
|
-
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
New
|
CWE-200
CWE-601
Information Exposure
Open Redirect
|
CVE-2026-42195
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
