|
1311
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9519
|
2026-05-26 11:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file view_students.php of the component Students Controller. T…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9518
|
2026-05-26 11:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions through 1.00(A…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4795
|
2026-05-26 11:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
- |
|
-
|
-
|
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without va…
New
|
CWE-59
CWE-732
Link Following
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-42497
|
2026-05-26 11:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
- |
|
-
|
-
|
The GDPR cookies module for Backdrop CMS (before
1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info conte…
New
|
CWE-80
Basic XSS
|
CVE-2025-71310
|
2026-05-26 11:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student M…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9517
|
2026-05-26 09:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
5.4 |
MEDIUM
Network
|
webmin
|
webmin
|
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attack…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-22678
|
2026-05-26 09:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
- |
|
-
|
-
|
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt d…
New
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-48700
|
2026-05-25 05:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net/rds: reset op_nents when zerocopy page pin fails
When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),
the pinne…
|
-
|
CVE-2026-43494
|
2026-05-23 21:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
8.1 |
HIGH
Network
|
-
|
-
|
shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9277
|
2026-05-23 13:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
