|
1281
|
9.8 |
CRITICAL
Network
|
cpanel
|
cpanel
whm
wp_squared
|
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41940
|
2026-05-5 03:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1282
|
6.5 |
MEDIUM
Network
|
gnu
|
glibc
|
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing…
|
CWE-126
Buffer Over-read
|
CVE-2026-6238
|
2026-05-5 02:57 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1283
|
7.5 |
HIGH
Network
|
xwiki
|
cryptpad
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-5 01:52 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1284
|
8.8 |
HIGH
Network
|
progress
|
moveit_automation
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-5 01:47 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1285
|
6.5 |
MEDIUM
Network
|
-
|
-
|
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5337
|
2026-05-5 00:23 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1286
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-5335
|
2026-05-5 00:23 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1287
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel.
This allows a compromised or rogue Velociraptor client to crash the server …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-6948
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1288
|
7.5 |
HIGH
Network
|
-
|
-
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and …
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-33846
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1289
|
8.8 |
HIGH
Local
|
-
|
-
|
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res…
|
CWE-1386
Insecure Operation on Windows Junction / Mount Point
|
CVE-2025-58074
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1290
|
8.3 |
HIGH
Network
|
-
|
-
|
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-6266
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
