|
951
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6343
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6345
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47962
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
7.2 |
HIGH
Network
|
-
|
-
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47963
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_des…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47968
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
8.8 |
HIGH
Network
|
-
|
-
|
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-37227
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
7.8 |
HIGH
Local
|
-
|
-
|
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37232
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can ins…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37240
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
8.2 |
HIGH
Network
|
-
|
-
|
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parame…
|
CWE-89
SQL Injection
|
CVE-2020-37242
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
8.2 |
HIGH
Network
|
-
|
-
|
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl acti…
|
CWE-89
SQL Injection
|
CVE-2020-37243
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
