|
51
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7389
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a m…
New
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7388
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument message_ids can lead to pa…
New
|
CWE-22
Path Traversal
|
CVE-2026-7386
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Com…
New
|
CWE-78
OS Command
|
CVE-2026-6849
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
- |
|
-
|
-
|
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the gen…
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-6019
|
2026-04-30 01:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.
…
New
|
CWE-22
Path Traversal
|
CVE-2026-5166
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking…
New
|
CWE-266
CWE-269
CWE-284
Incorrect Privilege Assignment
Improper Privilege Management
Improper Access Control
|
CVE-2026-5141
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
7.5 |
HIGH
Network
|
-
|
-
|
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A maliciou…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42198
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
8.1 |
HIGH
Network
|
-
|
-
|
mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL ba…
New
|
CWE-89
SQL Injection
|
CVE-2026-42167
|
2026-04-30 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
9.8 |
CRITICAL
Network
|
-
|
-
|
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthent…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41940
|
2026-04-30 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
