|
1441
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/…
New
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-8319
|
2026-05-13 01:38 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1442
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8320
|
2026-05-13 01:38 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1443
|
- |
|
-
|
-
|
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in ra…
New
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-6866
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1444
|
4.4 |
MEDIUM
Local
|
-
|
-
|
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a sh…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-7431
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1445
|
7.8 |
HIGH
Local
|
-
|
-
|
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
New
|
CWE-362
Race Condition
|
CVE-2026-7432
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1446
|
7.2 |
HIGH
Network
|
-
|
-
|
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
New
|
CWE-78
OS Command
|
CVE-2026-8051
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1447
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-8109
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1448
|
7.8 |
HIGH
Local
|
-
|
-
|
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8110
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1449
|
8.8 |
HIGH
Network
|
-
|
-
|
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
New
|
CWE-89
SQL Injection
|
CVE-2026-8111
|
2026-05-13 01:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1450
|
8.8 |
HIGH
Network
|
pi-hole
|
ftldns
|
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac…
Update
|
CWE-93
CRLF Injection
|
CVE-2026-39849
|
2026-05-13 01:27 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
