|
331
|
5.3 |
MEDIUM
Local
|
-
|
-
|
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2022-26523
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
New
|
CWE-78
OS Command
|
CVE-2022-45899
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42276
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42277
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
5.8 |
MEDIUM
Network
|
-
|
-
|
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42279
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
7.5 |
HIGH
Network
|
-
|
-
|
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-27686
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
6.3 |
MEDIUM
Network
|
-
|
-
|
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.
New
|
CWE-77
Command Injection
|
CVE-2024-30167
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
9.1 |
CRITICAL
Network
|
-
|
-
|
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's in…
New
|
CWE-78
OS Command
|
CVE-2024-51092
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
- |
|
-
|
-
|
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil…
New
|
-
|
CVE-2025-67887
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef…
New
|
CWE-78
OS Command
|
CVE-2025-67888
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
