|
1611
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50967
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50968
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50969
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50970
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41705
|
2026-05-12 23:20 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
8.0 |
HIGH
Network
|
-
|
-
|
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
|
CWE-78
OS Command
|
CVE-2026-4802
|
2026-05-12 23:20 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
8.2 |
HIGH
Network
|
-
|
-
|
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44413
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
- |
|
-
|
-
|
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this…
|
CWE-331
Insufficient Entropy
|
CVE-2026-7210
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
7.5 |
HIGH
Network
|
-
|
-
|
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
|
-
|
CVE-2026-41712
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
8.2 |
HIGH
Network
|
-
|
-
|
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input ma…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41713
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
