|
2021
|
5.4 |
MEDIUM
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-31835
|
2026-05-12 01:59 |
2026-05-6 |
|
2022
|
7.5 |
HIGH
Network
|
zte
|
zxcloud_irai
|
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
|
CWE-134 NVD-CWE-noinfo
Use of Externally-Controlled Format String
|
CVE-2026-44407
|
2026-05-12 01:41 |
2026-05-7 |
|
2023
|
7.1 |
HIGH
Network
|
monetr
|
monetr
|
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user…
|
CWE-209 CWE-770 CWE-918
Information Exposure Through an Error Message; Allocation of Resources Without Limits or Throttling; Server-Side Request Forgery (SSRF)
|
CVE-2026-41644
|
2026-05-12 01:40 |
2026-05-7 |
|
2024
|
7.5 |
HIGH
Network
|
thalesgroup
|
ercom_cryptobox
|
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access c…
|
CWE-280 NVD-CWE-noinfo
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-6805
|
2026-05-12 01:37 |
2026-05-7 |
|
2025
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation caus…
|
CWE-77 CWE-78
Command Injection; OS Command
|
CVE-2026-8273
|
2026-05-12 01:17 |
2026-05-11 |
|
2026
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation …
|
CWE-77 CWE-78
Command Injection; OS Command
|
CVE-2026-8217
|
2026-05-12 01:17 |
2026-05-10 |
|
2027
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec…
|
-
|
CVE-2025-63750
|
2026-05-12 01:17 |
2026-05-12 |
|
2028
|
8.1 |
HIGH
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p…
|
CWE-20 CWE-918
Improper Input Validation; Server-Side Request Forgery (SSRF)
|
CVE-2026-41654
|
2026-05-12 00:30 |
2026-05-8 |
|
2029
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-12 00:26 |
2026-05-7 |
|
2030
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug…
|
CWE-863
Incorrect Authorization
|
CVE-2025-66170
|
2026-05-12 00:24 |
2026-05-8 |