|
1031
|
4.7 |
MEDIUM
Network
|
-
|
-
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-52206
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen…
Update
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-43002
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
7.7 |
HIGH
Network
|
-
|
-
|
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
Update
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-42997
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
7.5 |
HIGH
Network
|
-
|
-
|
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
Update
|
CWE-284
Improper Access Control
|
CVE-2024-52911
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
8.1 |
HIGH
Network
|
-
|
-
|
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
Update
|
CWE-89
SQL Injection
|
CVE-2026-44331
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
- |
|
-
|
-
|
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-39402
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
3.4 |
LOW
Adjacent
|
-
|
-
|
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44405
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
- |
|
-
|
-
|
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /di…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29080
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
Update
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
- |
|
-
|
-
|
### Summary
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
