|
41
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48215
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48214
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48207
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
- |
|
-
|
-
|
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsona…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-48172
|
2026-05-22 03:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects HAPPY: from n/a through 1.0.10.
New
|
CWE-862
Missing Authorization
|
CVE-2026-39593
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
7.8 |
HIGH
Local
|
-
|
-
|
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-22554
|
2026-05-22 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
9.1 |
CRITICAL
Network
|
scadabr
|
scadabr
|
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sen…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-8602
|
2026-05-22 02:19 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
9.8 |
CRITICAL
Network
|
scadabr
|
scadabr
|
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
New
|
CWE-78
OS Command
|
CVE-2026-8603
|
2026-05-22 02:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
8.8 |
HIGH
Network
|
scadabr
|
scadabr
|
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8604
|
2026-05-22 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48213
|
2026-05-22 02:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
