|
3531
|
8.2 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41669
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3532
|
5.2 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-41662
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3533
|
2.7 |
LOW
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, C…
|
CWE-200
Information Exposure
|
CVE-2026-41659
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3534
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI l…
|
CWE-862
Missing Authorization
|
CVE-2026-41658
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3535
|
4.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allow…
|
CWE-22
Path Traversal
|
CVE-2026-41656
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3536
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a mal…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-41643
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3537
|
7.2 |
HIGH
Network
|
-
|
-
|
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL …
|
CWE-89
CWE-284
SQL Injection
Improper Access Control
|
CVE-2026-41641
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3538
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41587
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3539
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts u…
|
CWE-22
Path Traversal
|
CVE-2026-41203
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3540
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted fro…
|
CWE-126
Buffer Over-read
|
CVE-2026-37532
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
