|
4261
|
7.1 |
HIGH
Network
|
datahub
|
datahub
|
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44501
|
2026-05-16 12:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4262
|
5.3 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from `ctx…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-64526
|
2026-05-16 12:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4263
|
7.2 |
HIGH
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in t…
|
CWE-89
SQL Injection
|
CVE-2026-22599
|
2026-05-16 12:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4264
|
6.5 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-22706
|
2026-05-16 12:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4265
|
5.4 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restr…
|
CWE-434
CWE-693
Unrestricted Upload of File with Dangerous Type
Protection Mechanism Failure
|
CVE-2026-22707
|
2026-05-16 12:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4266
|
7.5 |
HIGH
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational…
|
CWE-22
CWE-200
CWE-943
Path Traversal
Information Exposure
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-27886
|
2026-05-16 12:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4267
|
8.8 |
HIGH
Adjacent
|
zyxel
|
wre6505_firmware
|
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat…
|
CWE-78
OS Command
|
CVE-2026-7256
|
2026-05-16 12:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4268
|
4.4 |
MEDIUM
Local
|
zyxel
|
wre6505_firmware
|
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2026-7257
|
2026-05-16 12:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4269
|
7.5 |
HIGH
Network
|
zyxel
|
nwa1100-n_firmware
|
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-7287
|
2026-05-16 12:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4270
|
6.5 |
MEDIUM
Adjacent
|
pengutronix
|
barebox
|
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34960
|
2026-05-16 12:07 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
