|
1701
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34088
|
2026-05-15 01:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1702
|
7.5 |
HIGH
Network
|
mediawiki
|
checkuser
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.
This issue affects CheckUser: from 1.45.0 before 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34090
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1703
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34091
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1704
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Skin/Skin.Php.
This issue…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34092
|
2026-05-15 01:41 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1705
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on …
|
CWE-22
Path Traversal
|
CVE-2026-44440
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1706
|
5.0 |
MEDIUM
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44441
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1707
|
- |
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab…
|
CWE-611
XXE
|
CVE-2026-44445
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1708
|
8.8 |
HIGH
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would all…
|
CWE-89
SQL Injection
|
CVE-2026-44446
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1709
|
8.8 |
HIGH
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious…
|
CWE-89
SQL Injection
|
CVE-2026-44447
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1710
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted ses…
|
CWE-22
Path Traversal
|
CVE-2026-22677
|
2026-05-15 01:24 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
