|
431
|
8.7 |
HIGH
Network
|
-
|
-
|
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitize…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34241
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-57798
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
8.7 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') …
Update
|
CWE-22
Path Traversal
|
CVE-2026-34653
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
5.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i…
Update
|
NVD-CWE-Other
|
CVE-2026-34654
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34655
|
2026-05-21 00:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
4.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-34656
|
2026-05-21 00:58 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34658
|
2026-05-21 00:50 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
3.4 |
LOW
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-34685
|
2026-05-21 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
8.6 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Update
|
CWE-668
CWE-693
Exposure of Resource to Wrong Sphere
Protection Mechanism Failure
|
CVE-2026-8958
|
2026-05-21 00:01 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
9.3 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-8950
|
2026-05-21 00:00 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
