|
3591
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, hold…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6863
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3592
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every re…
|
CWE-287
Improper Authentication
|
CVE-2026-41671
|
2026-05-7 23:54 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3593
|
- |
|
-
|
-
|
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the w…
|
CWE-88
Argument Injection
|
CVE-2026-7865
|
2026-05-7 23:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3594
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.
Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_…
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-5081
|
2026-05-7 23:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3595
|
7.5 |
HIGH
Network
|
-
|
-
|
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …
|
-
|
CVE-2026-23870
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3596
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-7 23:51 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3597
|
- |
|
-
|
-
|
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data…
|
CWE-20
CWE-352
CWE-917
Improper Input Validation
Origin Validation Error
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-28201
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3598
|
- |
|
-
|
-
|
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S…
|
CWE-20
Improper Input Validation
|
CVE-2026-33587
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3599
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33588
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3600
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33589
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
