|
371
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFuncti…
New
|
CWE-20
CWE-917
Improper Input Validation
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-8759
|
2026-05-18 00:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor…
New
|
CWE-22
Path Traversal
|
CVE-2026-8757
|
2026-05-17 23:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the comp…
New
|
CWE-22
Path Traversal
|
CVE-2026-8756
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl…
New
|
CWE-22
Path Traversal
|
CVE-2026-8755
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
8.2 |
HIGH
Network
|
-
|
-
|
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
New
|
CWE-89
SQL Injection
|
CVE-2018-25333
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
9.8 |
CRITICAL
Network
|
-
|
-
|
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25332
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2018-25331
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …
New
|
CWE-94
Code Injection
|
CVE-2018-25320
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-8752
|
2026-05-17 21:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a…
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8751
|
2026-05-17 21:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
