|
1881
|
- |
|
-
|
-
|
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
Users are recommended to upgra…
|
CWE-269
Improper Privilege Management
|
CVE-2026-24072
|
2026-05-5 03:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
8.8 |
HIGH
Network
|
-
|
-
|
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which f…
|
CWE-415
Double Free
|
CVE-2026-23918
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
7.5 |
HIGH
Network
|
-
|
-
|
Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial …
|
CWE-617
Reachable Assertion
|
CVE-2025-56568
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2025-46115
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
9.8 |
CRITICAL
Network
|
cpanel
|
cpanel
whm
wp_squared
|
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41940
|
2026-05-5 03:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
6.5 |
MEDIUM
Network
|
gnu
|
glibc
|
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing…
|
CWE-126
Buffer Over-read
|
CVE-2026-6238
|
2026-05-5 02:57 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
7.5 |
HIGH
Network
|
xwiki
|
cryptpad
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-5 01:52 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
8.8 |
HIGH
Network
|
progress
|
moveit_automation
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-5 01:47 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
6.5 |
MEDIUM
Network
|
-
|
-
|
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5337
|
2026-05-5 00:23 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-5335
|
2026-05-5 00:23 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
