|
1
|
8.1 |
HIGH
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing se…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-46402
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.8 |
HIGH
Local
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in …
New
|
CWE-78
OS Command
|
CVE-2026-45322
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
8.8 |
HIGH
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fie…
New
|
CWE-290
CWE-639
CWE-862
Authentication Bypass by Spoofing
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-46414
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult…
New
|
CWE-284
CWE-488
Improper Access Control
Exposure of Data Element to Wrong Session
|
CVE-2026-46416
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id onl…
New
|
CWE-294
CWE-345
Authentication Bypass by Capture-replay
Insufficient Verification of Data Authenticity
|
CVE-2026-46538
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages a…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46544
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of hand…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47096
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do.
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47097
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
- |
|
-
|
-
|
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST re…
New
|
CWE-287
Improper Authentication
|
CVE-2026-8979
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
- |
|
-
|
-
|
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer a…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-8980
|
2026-05-29 03:56 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
