|
731
|
- |
|
-
|
-
|
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-42881
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
8.1 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existi…
|
CWE-269
CWE-285
CWE-639
CWE-837
Improper Privilege Management
Improper Authorization
Authorization Bypass Through User-Controlled Key
Improper Enforcement of a Single, Unique Action
|
CVE-2026-42609
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers…
|
CWE-73
CWE-918
External Control of File Name or Path
Server-Side Request Forgery (SSRF)
|
CVE-2026-42597
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
8.2 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42591
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
8.2 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t…
|
CWE-73
CWE-184
External Control of File Name or Path
Incomplete Blacklist
|
CVE-2026-40893
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
|
CWE-77
Command Injection
|
CVE-2026-44869
|
2026-05-15 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
1.8 |
LOW
Physics
|
-
|
-
|
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-30904
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
7.8 |
HIGH
Local
|
-
|
-
|
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-30905
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
7.8 |
HIGH
Local
|
-
|
-
|
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
CWE-426
Untrusted Search Path
|
CVE-2026-30906
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
5.4 |
MEDIUM
Network
|
-
|
-
|
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without …
|
CWE-79
Cross-site Scripting
|
CVE-2026-43644
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
