|
201
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25323
|
2026-05-19 02:29 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
9.1 |
CRITICAL
Network
|
dovecot
open-xchange
|
dovecot
|
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP …
Update
|
CWE-235
Improper Handling of Extra Parameters
|
CVE-2026-27851
|
2026-05-19 02:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
7.4 |
HIGH
Network
|
-
|
-
|
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant own…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41947
|
2026-05-19 02:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
7.7 |
HIGH
Network
|
-
|
-
|
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficie…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-41948
|
2026-05-19 02:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document acr…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41949
|
2026-05-19 02:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS com…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44366
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45622
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order hist…
New
|
CWE-89
SQL Injection
|
CVE-2026-45800
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
7.5 |
HIGH
Network
|
-
|
-
|
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX …
New
|
CWE-22
Path Traversal
|
CVE-2018-25325
|
2026-05-19 02:28 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25327
|
2026-05-19 02:28 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
