|
3791
|
8.1 |
HIGH
Network
|
-
|
-
|
shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9277
|
2026-05-23 13:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3792
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page (retrieved from the request's Referer header) allows an attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40598
|
2026-05-23 13:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3793
|
6.5 |
MEDIUM
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub…
|
CWE-287
CWE-345
Improper Authentication
Insufficient Verification of Data Authenticity
|
CVE-2026-39969
|
2026-05-23 13:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3794
|
5.4 |
MEDIUM
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39964
|
2026-05-23 13:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3795
|
8.1 |
HIGH
Network
|
-
|
-
|
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c…
|
CWE-610
CWE-639
Externally Controlled Reference to a Resource in Another Sphere
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45760
|
2026-05-23 12:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3796
|
8.1 |
HIGH
Network
|
-
|
-
|
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Co…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-9256
|
2026-05-23 10:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3797
|
6.8 |
MEDIUM
Physics
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coor…
|
CWE-77
Command Injection
|
CVE-2026-45585
|
2026-05-23 08:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3798
|
4.3 |
MEDIUM
Network
|
apache
|
cxf
|
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.
Users are recommende…
|
CWE-90
LDAP Injection
|
CVE-2026-44930
|
2026-05-23 07:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3799
|
5.3 |
MEDIUM
Network
|
apache
|
cxf
|
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is…
|
CWE-611
XXE
|
CVE-2026-44618
|
2026-05-23 07:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3800
|
- |
|
-
|
-
|
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39970
|
2026-05-23 06:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
