| 561 | 10.0 | CRITICAL | Network | - | - | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | CWE-77 Command Injection | CVE-2026-23652 | 2026-05-23 08:16 | 2026-05-23 |
| 562 | 4.3 | MEDIUM | Network | apache | cxf | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommende… | CWE-90 LDAP Injection | CVE-2026-44930 | 2026-05-23 07:16 | 2026-05-22 |
| 563 | 5.3 | MEDIUM | Network | apache | cxf | Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is… | CWE-611 XXE | CVE-2026-44618 | 2026-05-23 07:16 | 2026-05-22 |
| 564 | 8.7 | HIGH | Network | - | - | NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req… | CWE-79 Cross-site Scripting | CVE-2026-41147 | 2026-05-23 07:16 | 2026-05-23 |
| 565 | 8.1 | HIGH | Network | - | - | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations… | CWE-287 Improper Authentication | CVE-2026-41076 | 2026-05-23 07:16 | 2026-05-23 |
| 566 | 8.8 | HIGH | Network | - | - | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i… | CWE-89 SQL Injection | CVE-2026-41075 | 2026-05-23 07:16 | 2026-05-23 |
| 567 | 7.1 | HIGH | Network | - | - | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in… | CWE-352 Origin Validation Error | CVE-2026-41074 | 2026-05-23 07:16 | 2026-05-23 |
| 568 | 4.6 | MEDIUM | Network | - | - | RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled … | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2026-41073 | 2026-05-23 07:16 | 2026-05-23 |
| 569 | - | | | - | - | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chun… | CWE-125 Out-of-bounds Read | CVE-2026-41071 | 2026-05-23 07:16 | 2026-05-23 |
| 570 | 5.4 | MEDIUM | Network | - | - | JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with… | CWE-352 Origin Validation Error | CVE-2026-40864 | 2026-05-23 06:16 | 2026-05-23 |