|
3831
|
7.7 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl(…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39965
|
2026-05-23 04:17 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3832
|
7.6 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It …
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-34207
|
2026-05-23 04:17 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3833
|
4.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8347
|
2026-05-23 04:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3834
|
6.5 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4…
|
CWE-352
CWE-1275
Origin Validation Error
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2026-8435
|
2026-05-23 04:15 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3835
|
6.7 |
MEDIUM
Local
|
dell
|
smartfabric_storage_software
|
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w…
|
CWE-77
Command Injection
|
CVE-2026-35070
|
2026-05-23 04:14 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3836
|
6.4 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CM…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7890
|
2026-05-23 04:12 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3837
|
7.5 |
HIGH
Network
|
dell
|
elastic_cloud_storage
|
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, le…
|
CWE-284
Improper Access Control
|
CVE-2022-31231
|
2026-05-23 04:10 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3838
|
5.0 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a craft…
|
CWE-601
Open Redirect
|
CVE-2026-9245
|
2026-05-23 04:05 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3839
|
4.3 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of s…
|
CWE-862
Missing Authorization
|
CVE-2026-9246
|
2026-05-23 04:04 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3840
|
2.4 |
LOW
Network
|
devolutions
|
devolutions_server
|
Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to admi…
|
CWE-778
Insufficient Logging
|
CVE-2026-9247
|
2026-05-23 04:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
