|
2721
|
7.4 |
HIGH
Local
|
-
|
-
|
Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directo…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-34354
|
2026-05-13 00:10 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2722
|
7.2 |
HIGH
Network
|
-
|
-
|
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.
|
CWE-22
Path Traversal
|
CVE-2026-41951
|
2026-05-13 00:10 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2723
|
3.3 |
LOW
Local
|
-
|
-
|
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe…
|
CWE-22
Path Traversal
|
CVE-2026-41530
|
2026-05-13 00:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2724
|
7.4 |
HIGH
Network
|
-
|
-
|
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41872
|
2026-05-13 00:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2725
|
- |
|
-
|
-
|
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited…
|
CWE-1392
Use of Default Credentials
|
CVE-2026-7428
|
2026-05-13 00:09 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2726
|
8.1 |
HIGH
Network
|
-
|
-
|
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission …
|
CWE-352
Origin Validation Error
|
CVE-2026-38566
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2727
|
9.8 |
CRITICAL
Network
|
-
|
-
|
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c…
|
CWE-89
SQL Injection
|
CVE-2026-38567
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2728
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61305
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2729
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61306
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2730
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61307
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
