|
1611
|
7.1 |
HIGH
Network
|
-
|
-
|
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
|
CWE-89
SQL Injection
|
CVE-2026-46445
|
2026-05-15 01:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
7.1 |
HIGH
Network
|
-
|
-
|
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
|
CWE-89
SQL Injection
|
CVE-2026-46446
|
2026-05-15 01:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
- |
|
-
|
-
|
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5790
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
- |
|
-
|
-
|
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated at…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5798
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
9.9 |
CRITICAL
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permi…
|
CWE-862
Missing Authorization
|
CVE-2026-44442
|
2026-05-15 01:45 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including
the members list (user IDs, e-mails, roles), settings, and device cou…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44426
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34088
|
2026-05-15 01:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
7.5 |
HIGH
Network
|
mediawiki
|
checkuser
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.
This issue affects CheckUser: from 1.45.0 before 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34090
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34091
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Skin/Skin.Php.
This issue…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34092
|
2026-05-15 01:41 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
