|
2341
|
2.7 |
LOW
Network
|
devolutions
|
devolutions_server
|
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-8477
|
2026-05-23 03:54 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2342
|
7.1 |
HIGH
Network
|
devolutions
|
devolutions_server
|
Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provide…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7325
|
2026-05-23 03:45 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2343
|
4.3 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activ…
|
CWE-284
Improper Access Control
|
CVE-2026-5171
|
2026-05-23 03:36 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2344
|
5.4 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac…
|
CWE-862
Missing Authorization
|
CVE-2026-9251
|
2026-05-23 03:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2345
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36226
|
2026-05-23 03:28 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2346
|
7.8 |
HIGH
Local
|
-
|
-
|
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by craft…
|
CWE-862
Missing Authorization
|
CVE-2026-9255
|
2026-05-23 03:28 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2347
|
5.9 |
MEDIUM
Local
|
-
|
-
|
HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42626
|
2026-05-23 03:28 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2348
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-28444
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2349
|
8.7 |
HIGH
Network
|
-
|
-
|
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML direct…
|
CWE-79
Cross-site Scripting
|
CVE-2026-28445
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2350
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Re…
|
CWE-862
CWE-918
Missing Authorization
Server-Side Request Forgery (SSRF)
|
CVE-2026-33712
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
