|
811
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41685
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
- |
|
-
|
-
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,…
New
|
CWE-91
Blind XPath Injection
|
CVE-2026-41675
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
- |
|
-
|
-
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-41673
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
8.2 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML …
New
|
CWE-20
CWE-601
Improper Input Validation
Open Redirect
|
CVE-2026-41670
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
8.2 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call …
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41669
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
5.2 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The …
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-41662
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
2.7 |
LOW
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, C…
New
|
CWE-200
Information Exposure
|
CVE-2026-41659
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI l…
New
|
CWE-862
Missing Authorization
|
CVE-2026-41658
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
4.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allow…
New
|
CWE-22
Path Traversal
|
CVE-2026-41656
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a mal…
New
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-41643
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
