|
2721
|
8.7 |
HIGH
Network
|
-
|
-
|
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization b…
|
CWE-22
CWE-61
Path Traversal
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-42275
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2722
|
6.1 |
MEDIUM
Network
|
-
|
-
|
In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the mo…
|
CWE-79
Cross-site Scripting
|
CVE-2022-23961
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2723
|
- |
|
-
|
-
|
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
|
-
|
CVE-2024-46508
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2724
|
- |
|
-
|
-
|
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.
|
-
|
CVE-2024-53326
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2725
|
- |
|
-
|
-
|
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular express…
|
-
|
CVE-2023-46453
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2726
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Copilot said: i18nextify is a JavaScript library that adds
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3…
|
CWE-22
CWE-74
Path Traversal
Injection
|
CVE-2026-41691
|
2026-05-9 01:05 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2727
|
4.7 |
MEDIUM
Network
|
-
|
-
|
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-41692
|
2026-05-9 01:05 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2728
|
- |
|
-
|
-
|
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php.
|
-
|
CVE-2024-33724
|
2026-05-9 01:04 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2729
|
- |
|
-
|
-
|
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers …
|
-
|
CVE-2026-37431
|
2026-05-9 01:03 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2730
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-enc…
|
CWE-178
CWE-436
Improper Handling of Case Sensitivity
Interpretation Conflict
|
CVE-2026-42272
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
