| 2391 | 9.1 | CRITICAL, Network | - | - | A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | CWE-20 (Improper Input Validation) | CVE-2026-33000 | 2026-05-22 11:16 | 2026-05-22 |
| 2392 | 7.8 | HIGH, Local | mullvad | mullvad_vpn | Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer… | CWE-269 CWE-345 CWE-427 NVD-CWE-noinfo (Improper Privilege Management; Insufficient Verification of Data Authenticity; Uncontrolled Search Path Element) | CVE-2026-32323 | 2026-05-22 09:04 | 2026-05-19 |
| 2393 | 4.3 | MEDIUM, Network | glpi-project | glpi | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue… | CWE-862 (Missing Authorization) | CVE-2026-32312 | 2026-05-22 08:57 | 2026-05-19 |
| 2394 | 3.5 | LOW, Network | github | cli | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie… | CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences) | CVE-2026-45803 | 2026-05-22 08:47 | 2026-05-16 |
| 2395 | 10.0 | CRITICAL, Network | microsoft | azure_local azure_resource_manager | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. | CWE-287 NVD-CWE-noinfo (Improper Authentication) | CVE-2026-42822 | 2026-05-22 08:45 | 2026-05-19 |
| 2396 | - |  | - | - | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | - | CVE-2026-5297 | 2026-05-22 08:16 | 2026-05-22 |
| 2397 | - |  | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | - | CVE-2026-8352 | 2026-05-22 06:16 | 2026-05-22 |
| 2398 | 8.8 | HIGH, Network | - | - | IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the… | CWE-88 (Argument Injection) | CVE-2026-47114 | 2026-05-22 06:03 | 2026-05-22 |
| 2399 | 4.3 | MEDIUM, Network | - | - | The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and … | CWE-862 (Missing Authorization) | CVE-2026-4843 | 2026-05-22 06:03 | 2026-05-22 |
| 2400 | 6.1 | MEDIUM, Network | simplesamlphp | simplesamlphp-casserver simplesamlphp_casserver | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redire… | CWE-601 (Open Redirect) | CVE-2025-65954 | 2026-05-22 06:01 | 2026-05-19 |