| 251 | 7.6 | HIGH Network | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCom… | New | CWE-89 SQL Injection | CVE-2026-42383 | 2026-05-20 22:54 | 2026-05-20 |
| 252 | 5.0 | MEDIUM Network | - | - | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect… | New | CWE-862 Missing Authorization | CVE-2026-45443 | 2026-05-20 22:54 | 2026-05-20 |
| 253 | 8.1 | HIGH Network | - | - | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica… | New | CWE-276 Incorrect Default Permissions | CVE-2026-47107 | 2026-05-20 22:16 | 2026-05-20 |
| 254 | 7.3 | HIGH Network | - | - | Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation… | New | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | CVE-2026-26462 | 2026-05-20 22:16 | 2026-05-19 |
| 255 | - | | - | - | A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | New | CWE-94 Code Injection | CVE-2026-6902 | 2026-05-20 16:16 | 2026-05-18 |
| 256 | - | | - | - | Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start… | Update | CWE-284 Improper Access Control; CWE-427 Uncontrolled Search Path Element; CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-7373 | 2026-05-20 08:16 | 2026-05-15 |
| 257 | 9.1 | CRITICAL Network | adenhq | hive | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor… | Update | CWE-22 Path Traversal | CVE-2026-8757 | 2026-05-20 06:26 | 2026-05-17 |
| 258 | 6.5 | MEDIUM Network | kilo | kilo_code | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… | New | CWE-22 Path Traversal | CVE-2026-8765 | 2026-05-20 06:21 | 2026-05-18 |
| 259 | 5.3 | MEDIUM Network | - | - | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_… | New | CWE-863 Incorrect Authorization | CVE-2026-42526 | 2026-05-20 06:16 | 2026-05-20 |
| 260 | 8.7 | HIGH Local | - | - | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kubernetes Pods. This could allow users with just read-only access to perform actio… | New | CWE-538 File and Directory Information Exposure | CVE-2026-27173 | 2026-05-20 06:16 | 2026-05-20 |