|
541
|
7.2 |
HIGH
Network
|
-
|
-
|
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann…
|
CWE-912
Hidden Functionality
|
CVE-2026-7413
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
6.6 |
MEDIUM
Local
|
-
|
-
|
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc…
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-45130
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
3.8 |
LOW
Network
|
-
|
-
|
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th…
|
CWE-269
Improper Privilege Management
|
CVE-2026-44987
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
- |
|
-
|
-
|
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
|
CWE-78
OS Command
|
CVE-2026-44656
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
8.9 |
HIGH
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42556
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t…
|
CWE-78
OS Command
|
CVE-2026-42454
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
8.1 |
HIGH
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-42452
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java…
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2026-42451
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulne…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42354
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
8.6 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to reques…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42352
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
