|
2191
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashb…
|
CWE-352 CWE-829
Origin Validation Error; Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-8428
|
2026-05-26 23:57 |
2026-05-22 |
|
2192
|
4.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and procee…
|
CWE-352
Origin Validation Error
|
CVE-2026-7882
|
2026-05-26 23:56 |
2026-05-22 |
|
2193
|
4.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version…
|
CWE-352
Origin Validation Error
|
CVE-2026-8340
|
2026-05-26 23:55 |
2026-05-23 |
|
2194
|
9.8 |
CRITICAL
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are h…
|
CWE-287 CWE-295
Improper Authentication; Improper Certificate Validation
|
CVE-2026-32253
|
2026-05-26 23:43 |
2026-05-23 |
|
2195
|
8.1 |
HIGH
Network
|
ruby-lang
|
ruby
|
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remot…
|
CWE-362
Race Condition
|
CVE-2026-46727
|
2026-05-26 23:22 |
2026-05-23 |
|
2196
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. …
|
CWE-74 CWE-89
Injection; SQL Injection
|
CVE-2026-9544
|
2026-05-26 23:16 |
2026-05-26 |
|
2197
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i…
|
CWE-74 CWE-89
Injection; SQL Injection
|
CVE-2026-9542
|
2026-05-26 23:16 |
2026-05-26 |
|
2198
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. I…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-9540
|
2026-05-26 23:16 |
2026-05-26 |
|
2199
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipul…
|
CWE-119 CWE-122
Incorrect Access of Indexable Resource ('Range Error'); Heap-based Buffer Overflow
|
CVE-2026-9500
|
2026-05-26 23:16 |
2026-05-26 |
|
2200
|
7.5 |
HIGH
Network
|
-
|
-
|
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp…
|
CWE-1333 CWE-400
Inefficient Regular Expression Complexity; Uncontrolled Resource Consumption
|
CVE-2026-9496
|
2026-05-26 23:16 |
2026-05-26 |
|