|
901
|
- |
|
-
|
-
|
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-se…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40280
|
2026-05-7 23:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
- |
|
-
|
-
|
Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39383
|
2026-05-7 23:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
New
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-7 23:58 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
9.1 |
CRITICAL
Network
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41201
|
2026-05-7 23:57 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts…
New
|
CWE-22
Path Traversal
|
CVE-2026-41202
|
2026-05-7 23:57 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth …
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41891
|
2026-05-7 23:57 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS.
This issue affects Bricks Builder: from n/a through 1.9.2 t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41554
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
7.5 |
HIGH
Network
|
-
|
-
|
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
New
|
-
|
CVE-2025-71251
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
7.5 |
HIGH
Network
|
-
|
-
|
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
New
|
-
|
CVE-2025-71252
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.5 |
HIGH
Network
|
-
|
-
|
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
New
|
-
|
CVE-2025-71253
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
