|
3221
|
7.5 |
HIGH
Network
|
-
|
-
|
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …
|
-
|
CVE-2026-23870
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3222
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-7 23:51 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3223
|
- |
|
-
|
-
|
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data…
|
CWE-20
CWE-352
CWE-917
Improper Input Validation
Origin Validation Error
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-28201
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3224
|
- |
|
-
|
-
|
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S…
|
CWE-20
Improper Input Validation
|
CVE-2026-33587
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3225
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33588
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3226
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33589
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3227
|
7.1 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41660
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3228
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41657
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3229
|
3.5 |
LOW
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire v…
|
CWE-352
Origin Validation Error
|
CVE-2026-41663
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3230
|
4.3 |
MEDIUM
Network
|
flowiseai
|
flowise
|
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argumen…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8027
|
2026-05-7 23:50 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
