|
2841
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50970
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2842
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41705
|
2026-05-12 23:20 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2843
|
8.0 |
HIGH
Network
|
-
|
-
|
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
|
CWE-78
OS Command
|
CVE-2026-4802
|
2026-05-12 23:20 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2844
|
8.2 |
HIGH
Network
|
-
|
-
|
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44413
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2845
|
7.5 |
HIGH
Network
|
-
|
-
|
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
|
-
|
CVE-2026-41712
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2846
|
8.2 |
HIGH
Network
|
-
|
-
|
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input ma…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41713
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2847
|
- |
|
-
|
-
|
The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZD…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-12659
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2848
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This ha…
|
CWE-352
Origin Validation Error
|
CVE-2026-0502
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2849
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that …
|
CWE-79
Cross-site Scripting
|
CVE-2026-27682
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2850
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-34258
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
