|
391
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remot…
New
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44129
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
392
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system i…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-7864
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
393
|
- |
|
-
|
-
|
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6736
|
2026-05-9 00:49 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
394
|
- |
|
-
|
-
|
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON p…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7541
|
2026-05-9 00:49 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
395
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi…
New
|
CWE-436
CWE-918
Interpretation Conflict
Server-Side Request Forgery (SSRF)
|
CVE-2026-8034
|
2026-05-9 00:49 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
396
|
- |
|
-
|
-
|
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8106
|
2026-05-9 00:49 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
397
|
8.1 |
HIGH
Network
|
-
|
-
|
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands…
New
|
CWE-78
OS Command
|
CVE-2022-50994
|
2026-05-9 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
398
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access …
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41928
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
399
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41929
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
400
|
8.6 |
HIGH
Network
|
-
|
-
|
The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per…
New
|
CWE-89
SQL Injection
|
CVE-2026-4935
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
