| 221 | 9.8 | CRITICAL Network | - | - | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… (New) | CWE-94 Code Injection | CVE-2026-38431 | 2026-05-8 00:15 | 2026-05-6 |
| 222 | 6.1 | MEDIUM Network | - | - | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co… (New) | CWE-79 Cross-site Scripting | CVE-2026-38432 | 2026-05-8 00:15 | 2026-05-6 |
| 223 | - | | - | - | Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1… (New) | CWE-345 Insufficient Verification of Data Authenticity | CVE-2026-31835 | 2026-05-8 00:15 | 2026-05-6 |
| 224 | - | | - | - | Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin… (New) | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-31893 | 2026-05-8 00:15 | 2026-05-6 |
| 225 | - | | - | - | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… (New) | CWE-89 SQL Injection | CVE-2026-33324 | 2026-05-8 00:15 | 2026-05-6 |
| 226 | - | | - | - | Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … (New) | CWE-862 Missing Authorization | CVE-2026-33420 | 2026-05-8 00:15 | 2026-05-6 |
| 227 | - | | - | - | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t… (New) | CWE-502 Deserialization of Untrusted Data; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-34084 | 2026-05-8 00:15 | 2026-05-6 |
| 228 | - | | - | - | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT… (New) | CWE-79 Cross-site Scripting | CVE-2026-35453 | 2026-05-8 00:15 | 2026-05-6 |
| 229 | 8.8 | HIGH Network | - | - | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b… (New) | CWE-94 Code Injection | CVE-2026-7841 | 2026-05-8 00:15 | 2026-05-6 |
| 230 | 7.5 | HIGH Network | - | - | Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered a… (New) | CWE-400 Uncontrolled Resource Consumption | CVE-2026-34473 | 2026-05-8 00:15 | 2026-05-7 |