| 391 | 7.5 | HIGH | Network | - | - | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoi… | New | CWE-22 Path Traversal | CVE-2021-47942 | 2026-05-17 01:16 | 2026-05-17 |
| 392 | 9.8 | CRITICAL | Network | - | - | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_… | New | CWE-415 Double Free | CVE-2020-37239 | 2026-05-17 01:16 | 2026-05-17 |
| 393 | 6.4 | MEDIUM | Network | - | - | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news additio… | New | CWE-79 Cross-site Scripting | CVE-2020-37236 | 2026-05-17 01:16 | 2026-05-17 |
| 394 | 6.2 | MEDIUM | Local | - | - | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can … | New | CWE-120 Classic Buffer Overflow | CVE-2020-37234 | 2026-05-17 01:16 | 2026-05-17 |
| 395 | 7.8 | HIGH | Local | - | - | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… | New | CWE-428 Unquoted Search Path or Element | CVE-2020-37231 | 2026-05-17 01:16 | 2026-05-17 |
| 396 | 7.8 | HIGH | Local | - | - | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… | New | CWE-428 Unquoted Search Path or Element | CVE-2020-37230 | 2026-05-17 01:16 | 2026-05-17 |
| 397 | 7.8 | HIGH | Local | - | - | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… | New | CWE-428 Unquoted Search Path or Element | CVE-2020-37229 | 2026-05-17 01:16 | 2026-05-17 |
| 398 | 9.8 | CRITICAL | Network | - | - | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr… | New | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2020-37228 | 2026-05-17 01:16 | 2026-05-17 |
| 399 | 4.3 | MEDIUM | Network | gitlab | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest … | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2025-13874 | 2026-05-16 12:38 | 2026-05-14 |
| 400 | 5.4 | MEDIUM | Network | gitlab | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject … | Update | CWE-94 Code Injection | CVE-2025-12669 | 2026-05-16 12:38 | 2026-05-14 |