|
371
|
8.8 |
HIGH
Network
|
-
|
-
|
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to i…
New
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42205
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing un…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42286
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially…
New
|
CWE-89
SQL Injection
|
CVE-2026-42287
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but th…
Update
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2026-41887
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email bo…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42192
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
- |
|
-
|
-
|
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor ID…
New
|
CWE-400
CWE-611
CWE-776
Uncontrolled Resource Consumption
XXE
XML Entity Expansion
|
CVE-2026-42212
|
2026-05-13 01:43 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
- |
|
-
|
-
|
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor f…
New
|
CWE-22
CWE-200
CWE-295
CWE-918
Path Traversal
Information Exposure
Improper Certificate Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-42213
|
2026-05-13 01:43 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
6.8 |
MEDIUM
Network
|
-
|
-
|
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
New
|
CWE-284
Improper Access Control
|
CVE-2026-1749
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to…
New
|
-
|
CVE-2026-32683
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.2 |
HIGH
Network
|
-
|
-
|
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e…
New
|
CWE-78
OS Command
|
CVE-2026-3828
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
