|
3741
|
8.8 |
HIGH
Network
|
axis
|
axis_os
|
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-1185
|
2026-05-20 01:07 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3742
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axi…
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-0804
|
2026-05-20 01:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3743
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis d…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-0802
|
2026-05-20 01:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3744
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-0541
|
2026-05-20 00:40 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3745
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an appli…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8656
|
2026-05-20 00:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3746
|
8.2 |
HIGH
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-8657
|
2026-05-20 00:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3747
|
7.5 |
HIGH
Network
|
-
|
-
|
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing,…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-8813
|
2026-05-20 00:38 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3748
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-8814
|
2026-05-20 00:38 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3749
|
9.8 |
CRITICAL
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
CWE-20
CWE-94
CWE-119
Improper Input Validation
Code Injection
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-45495
|
2026-05-20 00:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3750
|
7.3 |
HIGH
Network
|
apache
|
ofbiz
|
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-29226
|
2026-05-20 00:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
