|
1161
|
- |
|
-
|
-
|
Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: This candidate is a duplicate of CVE-2026-40520. Notes: All CVE users should reference CVE-2026-40520 …
|
-
|
CVE-2026-41410
|
2026-05-14 04:17 |
2026-05-14 |
|
|
|
|
1162
|
6.5 |
MEDIUM
Network
|
-
|
-
|
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat…
|
CWE-89
SQL Injection
|
CVE-2026-37429
|
2026-05-14 04:17 |
2026-05-13 |
|
|
|
|
1163
|
6.5 |
MEDIUM
Network
|
-
|
-
|
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat…
|
CWE-89
SQL Injection
|
CVE-2026-37428
|
2026-05-14 04:17 |
2026-05-13 |
|
|
|
|
1164
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block vsp_g130_firmware vsp_g150_firmware vsp_g350_firmware vsp_g370_firmware vsp_g700_firmware vsp_g900_firmware vsp_f350_firmware vsp_f370_firmware vs…
|
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi…
|
CWE-94
Code Injection
|
CVE-2025-1978
|
2026-05-14 04:15 |
2026-05-7 |
|
|
|
|
1165
|
5.3 |
MEDIUM
Network
|
hitachi
|
virtual_storage_one_block vsp_g130_firmware vsp_g150_firmware vsp_g350_firmware vsp_g370_firmware vsp_g700_firmware vsp_g900_firmware vsp_f350_firmware vsp_f370_firmware vs…
|
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platfor…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2025-2514
|
2026-05-14 04:14 |
2026-05-7 |
|
|
|
|
1166
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
libcurl might in some circumstances reuse the wrong connection for SMB(S)
transfers.
libcurl features a pool of recent connections so that subsequent requests can
reuse an existing connection to avo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5773
|
2026-05-14 04:13 |
2026-05-13 |
|
|
|
|
1167
|
6.5 |
MEDIUM
Network
|
zulip
|
zulip_server
|
Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo…
|
CWE-284 NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-40300
|
2026-05-14 03:58 |
2026-05-13 |
|
|
|
|
1168
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42899
|
2026-05-14 03:39 |
2026-05-13 |
|
|
|
|
1169
|
9.1 |
CRITICAL
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POS…
|
CWE-22
Path Traversal
|
CVE-2026-42608
|
2026-05-14 03:39 |
2026-05-12 |
|
|
|
|
1170
|
7.5 |
HIGH
Network
|
microsoft
|
outlook
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
|
CWE-77
Command Injection
|
CVE-2026-42893
|
2026-05-14 03:37 |
2026-05-13 |
|
|
|