|
241
|
7.5 |
HIGH
Network
|
isc
|
bind
|
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…
New
|
CWE-20
CWE-125
CWE-617
CWE-754
CWE-843
Improper Input Validation
Out-of-bounds Read
Reachable Assertion
Improper Check for Unusual or Exceptional Conditions
Type Confusion
|
CVE-2026-5946
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
7.5 |
HIGH
Network
|
isc
|
bind
|
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typ…
New
|
CWE-771
Missing Reference to Active Allocated Resource
|
CVE-2026-3039
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
8.6 |
HIGH
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…
New
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-39310
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.…
New
|
CWE-22
Path Traversal
|
CVE-2026-39352
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package t…
New
|
CWE-22
Path Traversal
|
CVE-2026-39405
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
7.4 |
HIGH
Network
|
-
|
-
|
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls ext…
New
|
CWE-20
CWE-98
Improper Input Validation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39850
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-39311
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.
This issue affects Drupal core: from 8.9.0 before 10.4.…
New
|
CWE-89
SQL Injection
|
CVE-2026-9082
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can…
New
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9102
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesys…
New
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-9129
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
