|
801
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
|
-
|
CVE-2025-51847
|
2026-05-1 01:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12494. Reason: This candidate is a reservation duplicate of CVE-2025-12494. Notes: All CVE users should reference …
|
-
|
CVE-2025-13890
|
2026-05-1 01:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-33467
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both…
|
CWE-798
CWE-912
Use of Hard-coded Credentials
Hidden Functionality
|
CVE-2026-41446
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
7.2 |
HIGH
Network
|
-
|
-
|
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42615
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
- |
|
-
|
-
|
SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and…
|
CWE-89
SQL Injection
|
CVE-2026-3325
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
- |
|
-
|
-
|
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-42248
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
- |
|
-
|
-
|
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat…
|
CWE-22
CWE-494
Path Traversal
Download of Code Without Integrity Check
|
CVE-2026-42249
|
2026-05-1 00:48 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-25852
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
7.8 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41220
|
2026-05-1 00:48 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
