|
1191
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.
Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_…
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-5081
|
2026-05-7 23:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1192
|
7.5 |
HIGH
Network
|
-
|
-
|
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …
|
-
|
CVE-2026-23870
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1193
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.
This issue affects MISP before 2.5.37.
A stored cross-si…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8080
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1194
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-7 23:51 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1195
|
- |
|
-
|
-
|
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data…
|
CWE-20
CWE-352
CWE-917
Improper Input Validation
Origin Validation Error
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-28201
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1196
|
- |
|
-
|
-
|
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S…
|
CWE-20
Improper Input Validation
|
CVE-2026-33587
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1197
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33588
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1198
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33589
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1199
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41657
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1200
|
7.1 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41660
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
