| 551 | 5.5 | MEDIUM | Local | - | - | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | CWE-840 Business Logic Errors | CVE-2026-41971 | 2026-05-15 23:08 | 2026-05-15 |
| 552 | 8.3 | HIGH | Network | pyload-ng_project | pyload-ng | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … | CWE-441 Confused Deputy; CWE-863 Incorrect Authorization; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42313 | 2026-05-15 23:04 | 2026-05-12 |
| 553 | 6.7 | MEDIUM | Local | fortinet | fortiap, fortiap-u, fortiap-w2 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5… | CWE-78 OS Command | CVE-2025-53680 | 2026-05-15 23:04 | 2026-05-13 |
| 554 | 7.2 | HIGH | Network | fortinet | fortimail | An improper neutralization of special elements used in an SQL command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5,… | CWE-89 SQL Injection | CVE-2025-53681 | 2026-05-15 23:04 | 2026-05-13 |
| 555 | 8.8 | HIGH | Network | fortinet | fortios | An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or commands via spe… | CWE-787 Out-of-bounds Write | CVE-2025-53844 | 2026-05-15 23:04 | 2026-05-13 |
| 556 | 5.3 | MEDIUM | Network | fortinet | fortianalyzer, fortimanager | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions,… | CWE-676 Use of Potentially Dangerous Function | CVE-2025-67604 | 2026-05-15 23:03 | 2026-05-13 |
| 557 | 7.2 | HIGH | Network | ivanti | virtual_traffic_manager | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | CWE-78 OS Command | CVE-2026-8051 | 2026-05-15 22:58 | 2026-05-13 |
| 558 | 6.5 | MEDIUM | Network | pyload-ng_project | pyload-ng | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | CWE-22 Path Traversal | CVE-2026-42314 | 2026-05-15 22:43 | 2026-05-12 |
| 559 | 9.8 | CRITICAL | Network | fortinet | fortisandbox, fortisandbox_cloud, fortisandbox_paas | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Fort… | CWE-862 Missing Authorization | CVE-2026-26083 | 2026-05-15 22:42 | 2026-05-13 |
| 560 | 9.8 | CRITICAL | Network | fortinet | fortiauthenticator | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attack… | CWE-284 Improper Access Control | CVE-2026-44277 | 2026-05-15 22:41 | 2026-05-13 |