|
211
|
9.9 |
CRITICAL
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44442
|
2026-05-15 01:45 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated u…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44423
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query p…
New
|
CWE-20
CWE-943
CWE-1333
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including
the members list (user IDs, e-mails, roles), settings, and device cou…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44426
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34088
|
2026-05-15 01:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.5 |
HIGH
Network
|
mediawiki
|
checkuser
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.
This issue affects CheckUser: from 1.45.0 before 1.45.2.
Update
|
CWE-200
Information Exposure
|
CVE-2026-34090
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34091
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Skin/Skin.Php.
This issue…
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34092
|
2026-05-15 01:41 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on …
New
|
CWE-22
Path Traversal
|
CVE-2026-44440
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
