|
1121
|
8.1 |
HIGH
Network
|
-
|
-
|
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44400
|
2026-05-14 00:30 |
2026-05-9 |
|
1122
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
Update
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-14 00:29 |
2026-05-9 |
|
1123
|
8.8 |
HIGH
Network
|
-
|
-
|
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager con…
Update
|
CWE-59
Link Following
|
CVE-2021-47949
|
2026-05-14 00:29 |
2026-05-10 |
|
1124
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50957
|
2026-05-14 00:29 |
2026-05-10 |
|
1125
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz…
New
|
CWE-862
Missing Authorization
|
CVE-2026-43638
|
2026-05-14 00:29 |
2026-05-12 |
|
1126
|
8.0 |
HIGH
Network
|
-
|
-
|
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide…
New
|
CWE-862
Missing Authorization
|
CVE-2026-43639
|
2026-05-14 00:29 |
2026-05-12 |
|
1127
|
8.1 |
HIGH
Network
|
-
|
-
|
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management …
New
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-43640
|
2026-05-14 00:29 |
2026-05-12 |
|
1128
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34960
|
2026-05-14 00:29 |
2026-05-12 |
|
1129
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50943
|
2026-05-14 00:27 |
2026-05-10 |
|
1130
|
8.8 |
HIGH
Network
|
-
|
-
|
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…
New
|
CWE-94
Code Injection
|
CVE-2026-8429
|
2026-05-14 00:26 |
2026-05-13 |