|
4061
|
8.2 |
HIGH
Network
|
-
|
-
|
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-35676
|
2026-05-29 03:56 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4062
|
6.5 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning e…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41141
|
2026-05-29 03:56 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4063
|
4.3 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary not…
|
CWE-284
CWE-639
CWE-862
Improper Access Control
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-41160
|
2026-05-29 03:56 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4064
|
- |
|
-
|
-
|
Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin…
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-45021
|
2026-05-29 03:56 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4065
|
8.7 |
HIGH
Network
|
-
|
-
|
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47759
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4066
|
8.7 |
HIGH
Network
|
-
|
-
|
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47760
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4067
|
8.7 |
HIGH
Network
|
-
|
-
|
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47761
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4068
|
8.7 |
HIGH
Network
|
-
|
-
|
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and injec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47762
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4069
|
- |
|
-
|
-
|
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico d…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41184
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4070
|
- |
|
-
|
-
|
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41185
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
