|
611
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50966
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50967
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50968
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50969
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50970
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…
Update
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41705
|
2026-05-12 23:20 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
8.0 |
HIGH
Network
|
-
|
-
|
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
New
|
CWE-78
OS Command
|
CVE-2026-4802
|
2026-05-12 23:20 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
8.2 |
HIGH
Network
|
-
|
-
|
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44413
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
5.0 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45000
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
7.1 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox p…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45001
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
