|
251
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking pro…
New
|
CWE-548
Exposure of Information Through Directory Listing
|
CVE-2026-41933
|
2026-05-15 01:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
7.1 |
HIGH
Network
|
-
|
-
|
Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite rec…
New
|
CWE-209
CWE-674
Information Exposure Through an Error Message
Uncontrolled Recursion
|
CVE-2026-41935
|
2026-05-15 01:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
7.2 |
HIGH
Network
|
-
|
-
|
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP f…
New
|
CWE-61
CWE-434
UNIX Symbolic Link (Symlink) Following
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41937
|
2026-05-15 01:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
- |
|
-
|
-
|
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-0235
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
- |
|
-
|
-
|
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverag…
New
|
CWE-94
Code Injection
|
CVE-2026-0236
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
- |
|
-
|
-
|
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0238
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
- |
|
-
|
-
|
An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-0239
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
- |
|
-
|
-
|
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-0240
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
- |
|
-
|
-
|
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-0241
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
- |
|
-
|
-
|
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an at…
New
|
CWE-89
SQL Injection
|
CVE-2026-0242
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
