|
131
|
- |
|
-
|
-
|
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-cont…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7460
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
- |
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.
'Elixir.PhoenixStorybook.Stor…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47068
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
- |
|
-
|
-
|
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign…
New
|
CWE-94
Code Injection
|
CVE-2026-8467
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.
Multiple LiveView event…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8469
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
8.6 |
HIGH
Network
|
tenable
|
terrascan
|
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/sca…
New
|
CWE-73
CWE-610
CWE-918
External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)
|
CVE-2026-47357
|
2026-05-20 23:23 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8960
|
2026-05-20 23:20 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
8.6 |
HIGH
Network
|
tenable
|
terrascan
|
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM …
New
|
CWE-73
CWE-610
CWE-918
External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)
|
CVE-2026-47358
|
2026-05-20 23:18 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und…
New
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2026-32738
|
2026-05-20 23:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-32739
|
2026-05-20 23:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Obfuscate allows Cross-Site Scripting (XSS).
This issue affects Obfuscate: from 0.0.0 bef…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6871
|
2026-05-20 23:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
