|
491
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-31205
|
2026-05-6 04:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
8.1 |
HIGH
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-sid…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42471
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42472
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42473
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-42474
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field
Update
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2025-63547
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
Update
|
CWE-241
Improper Handling of Unexpected Data Type
|
CVE-2025-63548
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compressio…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-39804
|
2026-05-6 04:37 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
- |
|
-
|
-
|
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers.
'Elixir.Bandit.Headers':get_content_length/1 in lib/b…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-39805
|
2026-05-6 04:37 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
- |
|
-
|
-
|
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections.
'Elixir.Bandit.Pipeline':determine_…
Update
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-39807
|
2026-05-6 04:37 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
