|
441
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients …
New
|
CWE-200
CWE-281
CWE-863
Information Exposure
Improper Preservation of Permissions
Incorrect Authorization
|
CVE-2026-34600
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
8.1 |
HIGH
Network
|
-
|
-
|
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on …
New
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-34358
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
8.7 |
HIGH
Network
|
-
|
-
|
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitize…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34241
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-57798
|
2026-05-21 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
8.7 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') …
Update
|
CWE-22
Path Traversal
|
CVE-2026-34653
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
5.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i…
Update
|
NVD-CWE-Other
|
CVE-2026-34654
|
2026-05-21 01:02 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34655
|
2026-05-21 00:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
4.3 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-34656
|
2026-05-21 00:58 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
4.8 |
MEDIUM
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-34658
|
2026-05-21 00:50 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
3.4 |
LOW
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-34685
|
2026-05-21 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
