|
1461
|
4.3 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
Update
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44198
|
2026-05-13 00:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1462
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
Update
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44199
|
2026-05-13 00:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1463
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of …
Update
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44200
|
2026-05-13 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1464
|
4.7 |
MEDIUM
Network
|
ispconfig
|
ispconfig
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-52206
|
2026-05-13 00:54 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1465
|
5.9 |
MEDIUM
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42225
|
2026-05-13 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1466
|
4.9 |
MEDIUM
Network
|
papercut
|
papercut_mf
papercut_ng
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
Update
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-13 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1467
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvO…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-28860
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1468
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-28848
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1469
|
7.8 |
HIGH
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-28840
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1470
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2…
Update
|
CWE-89
SQL Injection
|
CVE-2026-8207
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
