|
2961
|
7.5 |
HIGH
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controll…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-29962
|
2026-05-20 02:21 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2962
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-6340
|
2026-05-20 02:21 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2963
|
7.5 |
HIGH
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without …
|
CWE-22
Path Traversal
|
CVE-2026-29963
|
2026-05-20 02:21 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2964
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29964
|
2026-05-20 02:20 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2965
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29965
|
2026-05-20 02:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2966
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with…
|
CWE-863
Incorrect Authorization
|
CVE-2026-28732
|
2026-05-20 02:18 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2967
|
5.0 |
MEDIUM
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33234
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2968
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input…
|
CWE-78
OS Command
|
CVE-2026-27130
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2969
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8548
|
2026-05-20 02:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2970
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-8549
|
2026-05-20 01:58 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
