|
3531
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's e…
|
CWE-95
Eval Injection
|
CVE-2026-44128
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3532
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remot…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44129
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3533
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system i…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-7864
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3534
|
8.1 |
HIGH
Network
|
-
|
-
|
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands…
|
CWE-78
OS Command
|
CVE-2022-50994
|
2026-05-9 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3535
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access …
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41928
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3536
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41929
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3537
|
8.6 |
HIGH
Network
|
-
|
-
|
The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per…
|
CWE-89
SQL Injection
|
CVE-2026-4935
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3538
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-138
Improper Neutralization of Special Elements
|
CVE-2026-26129
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3539
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-74
Injection
|
CVE-2026-26164
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3540
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-32207
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
