|
81
|
6.9 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-46361
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order hist…
New
|
CWE-89
SQL Injection
|
CVE-2026-45800
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
3.5 |
LOW
Network
|
-
|
-
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return…
New
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-45781
|
2026-05-16 11:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
4.4 |
MEDIUM
Network
|
-
|
-
|
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…
New
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-45736
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
4.3 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authentic…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45007
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS com…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44366
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
5.5 |
MEDIUM
Local
|
microsoft
|
word
|
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41101
|
2026-05-16 11:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
5.5 |
MEDIUM
Local
|
microsoft
|
powerpoint
|
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-41102
|
2026-05-16 11:08 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
9.1 |
CRITICAL
Network
|
microsoft
|
confluence_saml_sso
jira_saml_sso
|
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-303
NVD-CWE-Other
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-41103
|
2026-05-16 11:07 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.8 |
HIGH
Local
|
microsoft
|
office
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42831
|
2026-05-16 11:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
