|
2741
|
8.1 |
HIGH
Network
|
-
|
-
|
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in …
|
CWE-863
Incorrect Authorization
|
CVE-2026-44633
|
2026-05-15 23:44 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2742
|
- |
|
-
|
-
|
Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, …
|
CWE-20
CWE-22
Improper Input Validation
Path Traversal
|
CVE-2026-44522
|
2026-05-15 23:44 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2743
|
9.3 |
CRITICAL
Network
|
-
|
-
|
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An u…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44212
|
2026-05-15 23:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2744
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script …
|
CWE-79
Cross-site Scripting
|
CVE-2026-24662
|
2026-05-15 23:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2745
|
8.1 |
HIGH
Network
|
-
|
-
|
Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr…
|
CWE-352
Origin Validation Error
|
CVE-2026-28761
|
2026-05-15 23:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2746
|
6.5 |
MEDIUM
Network
|
pyload-ng_project
|
pyload-ng
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_…
|
CWE-22
CWE-36
Path Traversal
Absolute Path Traversal
|
CVE-2026-42315
|
2026-05-15 23:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2747
|
5.5 |
MEDIUM
Local
|
microsoft
|
live_preview
|
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
|
CWE-22
CWE-23
Path Traversal
Relative Path Traversal
|
CVE-2026-41612
|
2026-05-15 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2748
|
8.8 |
HIGH
Network
|
microsoft
|
visual_studio_code
|
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
|
CWE-78
CWE-384
OS Command
Session Fixation
|
CVE-2026-41613
|
2026-05-15 23:23 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2749
|
7.5 |
HIGH
Network
|
webtechnologies
|
changedetection
|
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vu…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-43891
|
2026-05-15 23:20 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2750
|
6.7 |
MEDIUM
Local
|
fortinet
|
fortiap
fortiap-w2
|
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versi…
|
CWE-78
OS Command
|
CVE-2025-53870
|
2026-05-15 23:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
