|
2371
|
7.3 |
HIGH
Local
|
-
|
-
|
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
|
CWE-20
CWE-190
Improper Input Validation
Integer Overflow or Wraparound
|
CVE-2026-35433
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2372
|
8.3 |
HIGH
Network
|
-
|
-
|
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
|
CWE-862
Missing Authorization
|
CVE-2026-35438
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2373
|
8.8 |
HIGH
Network
|
-
|
-
|
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
|
CWE-73
External Control of File Name or Path
|
CVE-2026-40370
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2374
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
|
CWE-200
Information Exposure
|
CVE-2026-40379
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2375
|
7.8 |
HIGH
Local
|
-
|
-
|
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
|
CWE-1390
Weak Authentication
|
CVE-2026-40417
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2376
|
7.2 |
HIGH
Network
|
-
|
-
|
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.
This issue affe…
|
CWE-77
Command Injection
|
CVE-2026-8431
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2377
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.
Multiple endpoints fetched user-owned objects witho…
|
CWE-284
Improper Access Control
|
CVE-2026-7813
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2378
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules.
User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigne…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7814
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2379
|
8.8 |
HIGH
Network
|
-
|
-
|
SQL injection vulnerability in pgAdmin 4 Maintenance Tool.
Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly i…
|
CWE-89
SQL Injection
|
CVE-2026-7815
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2380
|
8.8 |
HIGH
Network
|
-
|
-
|
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.
User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An aut…
|
CWE-89
SQL Injection
|
CVE-2026-7816
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
