| 551 | 8.8 | HIGH | Network | - | - | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin … | New | CWE-290 (Authentication Bypass by Spoofing) | CVE-2026-45223 | 2026-05-12 23:47 | 2026-05-12 |
| 552 | 7.1 | HIGH | Local | - | - | Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the inten… | New | CWE-22 (Path Traversal) | CVE-2026-45224 | 2026-05-12 23:47 | 2026-05-12 |
| 553 | 8.1 | HIGH | Network | linuxfoundation | dapr | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before … | Update | CWE-22, CWE-284, NVD-CWE-noinfo (Path Traversal, Improper Access Control) | CVE-2026-41491 | 2026-05-12 23:47 | 2026-05-8 |
| 554 | 8.2 | HIGH | Network | - | - | Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can … | New | CWE-89 (SQL Injection) | CVE-2021-47930 | 2026-05-12 23:47 | 2026-05-10 |
| 555 | 6.4 | MEDIUM | Network | - | - | Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi… | New | CWE-79 (Cross-site Scripting) | CVE-2021-47947 | 2026-05-12 23:47 | 2026-05-10 |
| 556 | 7.3 | HIGH | Network | - | - | The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execut… | New | - | CVE-2026-6433 | 2026-05-12 23:47 | 2026-05-11 |
| 557 | - | | | - | - | Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2. | New | CWE-20 (Improper Input Validation) | CVE-2026-34086 | 2026-05-12 23:45 | 2026-05-12 |
| 558 | - | | | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2. | New | CWE-200 (Information Exposure) | CVE-2026-34087 | 2026-05-12 23:45 | 2026-05-12 |
| 559 | - | | | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | New | CWE-200 (Information Exposure) | CVE-2026-34088 | 2026-05-12 23:45 | 2026-05-12 |
| 560 | - | | | - | - | Vulnerability in Wikimedia Foundation Scribunto. This issue affects Scribunto: from 1.45.0 before 1.45.2. | New | CWE-79 (Cross-site Scripting) | CVE-2026-34089 | 2026-05-12 23:45 | 2026-05-12 |