|
431
|
- |
|
-
|
-
|
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s…
New
|
-
|
CVE-2026-31214
|
2026-05-13 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containin…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-70842
|
2026-05-13 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
- |
|
-
|
-
|
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.
New
|
-
|
CVE-2023-30059
|
2026-05-13 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
- |
|
-
|
-
|
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
New
|
-
|
CVE-2023-27753
|
2026-05-13 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
6.5 |
MEDIUM
Local
|
linuxcontainers
|
lxc
|
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-39402
|
2026-05-13 01:12 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
5.3 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44201
|
2026-05-13 00:59 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44197
|
2026-05-13 00:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
4.3 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44198
|
2026-05-13 00:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44199
|
2026-05-13 00:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of …
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44200
|
2026-05-13 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
