|
601
|
5.3 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-59853
|
2026-05-8 05:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b…
New
|
CWE-80
CWE-79
Basic XSS
Cross-site Scripting
|
CVE-2025-59854
|
2026-05-8 05:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
6.5 |
MEDIUM
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-32603
|
2026-05-8 05:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could al…
New
|
CWE-358
CWE-79
Improperly Implemented Security Check for Standard
Cross-site Scripting
|
CVE-2025-31970
|
2026-05-8 04:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
The counter driver can use HW channels 1 and 2, while the PW…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31740
|
2026-05-8 04:56 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
Runtime PM counter is incremented / decremented each time…
Update
|
NVD-CWE-Other
|
CVE-2026-31741
|
2026-05-8 04:55 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
7.2 |
HIGH
Network
|
-
|
-
|
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44742
|
2026-05-8 04:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
- |
|
-
|
-
|
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41653
|
2026-05-8 04:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
9.1 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new use…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41902
|
2026-05-8 04:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
5.4 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended for general user-profile editing) …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41903
|
2026-05-8 04:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
