|
1691
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization.…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-7597
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1692
|
8.1 |
HIGH
Network
|
-
|
-
|
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7491
|
2026-05-6 05:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1693
|
8.8 |
HIGH
Network
|
-
|
-
|
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2026-7489
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1694
|
7.2 |
HIGH
Network
|
-
|
-
|
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7490
|
2026-05-6 05:14 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1695
|
- |
|
-
|
-
|
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.
This issue affects OpenConcerto: 1.7.5.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-6499
|
2026-05-6 05:14 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1696
|
- |
|
-
|
-
|
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.
This issue affects OpenConcerto: 1.7.5.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-6500
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1697
|
- |
|
-
|
-
|
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
|
CWE-611
XXE
|
CVE-2026-6501
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1698
|
8.8 |
HIGH
Adjacent
|
google
|
android
|
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-0073
|
2026-05-6 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1699
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42796
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1700
|
7.1 |
HIGH
Local
|
-
|
-
|
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
|
CWE-23
Relative Path Traversal
|
CVE-2026-43616
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
