|
2791
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.
This issue affects Geo Mashup: from n/a through 1.13.18.
|
CWE-79
Cross-site Scripting
|
CVE-2026-27427
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2792
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects RepairBuddy: from n/a through 4.1121.
|
CWE-862
Missing Authorization
|
CVE-2026-24638
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2793
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Paid Videochat Turnkey…
|
CWE-862
Missing Authorization
|
CVE-2026-24590
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2794
|
7.5 |
HIGH
Network
|
-
|
-
|
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw t…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-8047
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2795
|
8.1 |
HIGH
Network
|
-
|
-
|
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including tho…
|
CWE-863
Incorrect Authorization
|
CVE-2026-8046
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2796
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Mayosis Core: from n/a through 5.4.7.
|
CWE-862
Missing Authorization
|
CVE-2026-39655
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2797
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint…
|
CWE-549
Missing Password Field Masking
|
CVE-2026-3314
|
2026-05-26 16:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2798
|
3.3 |
LOW
Local
|
-
|
-
|
A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-9529
|
2026-05-26 14:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2799
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9528
|
2026-05-26 14:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2800
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9527
|
2026-05-26 14:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
