|
91
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 202…
New
|
CWE-1392
Use of Default Credentials
|
CVE-2026-44159
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network tr…
New
|
CWE-405
CWE-406
CWE-770
Asymmetric Resource Consumption (Amplification)
Insufficient Control of Network Message Volume (Network Amplification)
Allocation of Resources Without Limits or Throttling
|
CVE-2026-45557
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
8.1 |
HIGH
Network
|
-
|
-
|
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8711
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
8.4 |
HIGH
Local
|
-
|
-
|
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external …
New
|
-
|
CVE-2026-5804
|
2026-05-20 02:57 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
5.0 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6333
|
2026-05-20 02:51 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges ca…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-40901
|
2026-05-20 02:47 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
9.8 |
CRITICAL
Network
|
h2o
|
h2o
|
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a…
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8751
|
2026-05-20 02:46 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-40902
|
2026-05-20 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-40903
|
2026-05-20 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
5.3 |
MEDIUM
Network
|
h2o
|
h2o
|
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon…
New
|
CWE-266
CWE-284
NVD-CWE-noinfo
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-8752
|
2026-05-20 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
