|
411
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arb…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6073
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg…
|
CWE-862
Missing Authorization
|
CVE-2026-6883
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7377
|
2026-05-16 12:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
7.1 |
HIGH
Network
|
datahub
|
datahub
|
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44501
|
2026-05-16 12:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
5.3 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from `ctx…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-64526
|
2026-05-16 12:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
7.2 |
HIGH
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in t…
|
CWE-89
SQL Injection
|
CVE-2026-22599
|
2026-05-16 12:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
6.5 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-22706
|
2026-05-16 12:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
5.4 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restr…
|
CWE-434
CWE-693
Unrestricted Upload of File with Dangerous Type
Protection Mechanism Failure
|
CVE-2026-22707
|
2026-05-16 12:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
7.5 |
HIGH
Network
|
strapi
|
strapi
|
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational…
|
CWE-22
CWE-200
CWE-943
Path Traversal
Information Exposure
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-27886
|
2026-05-16 12:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
8.8 |
HIGH
Adjacent
|
zyxel
|
wre6505_firmware
|
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat…
|
CWE-78
OS Command
|
CVE-2026-7256
|
2026-05-16 12:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
