| 241 | 7.5 | HIGH Network | - | - | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted … | New | CWE-863 Incorrect Authorization | CVE-2026-46366 | 2026-05-19 02:25 | 2026-05-16 |
| 242 | 7.6 | HIGH Network | - | - | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf… | New | CWE-79 Cross-site Scripting | CVE-2026-46367 | 2026-05-19 02:25 | 2026-05-16 |
| 243 | 6.1 | MEDIUM Network | siemens | teamcenter | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All … | Update | CWE-79 Cross-site Scripting | CVE-2026-33862 | 2026-05-19 02:23 | 2026-05-12 |
| 244 | 4.3 | MEDIUM Network | dovecot open-xchange | dovecot | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… | Update | CWE-400 Uncontrolled Resource Consumption | CVE-2026-42006 | 2026-05-19 02:22 | 2026-05-12 |
| 245 | 8.8 | HIGH Network | fortinet | fortindr | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | Update | CWE-89 SQL Injection | CVE-2026-25088 | 2026-05-19 02:19 | 2026-05-13 |
| 246 | 6.5 | MEDIUM Network | fortinet | fortideceptor | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2… | Update | CWE-88 Argument Injection | CVE-2026-25690 | 2026-05-19 02:17 | 2026-05-13 |
| 247 | 6.5 | MEDIUM Network | - | - | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… | New | CWE-617 Reachable Assertion | CVE-2026-8843 | 2026-05-19 02:16 | 2026-05-19 |
| 248 | - | | - | - | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicio… | New | CWE-94 Code Injection | CVE-2026-45829 | 2026-05-19 02:16 | 2026-05-19 |
| 249 | 9.1 | CRITICAL Network | netty | netty | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi… | Update | CWE-20 Improper Input Validation; CWE-400 Uncontrolled Resource Consumption; CWE-626 Null Byte Interaction Error (Poison Null Byte) | CVE-2026-42579 | 2026-05-19 02:16 | 2026-05-14 |
| 250 | 7.5 | HIGH Network | - | - | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2021-47959 | 2026-05-19 02:05 | 2026-05-16 |