|
781
|
7.1 |
HIGH
Network
|
-
|
-
|
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
New
|
CWE-89
SQL Injection
|
CVE-2026-46446
|
2026-05-15 01:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
782
|
- |
|
-
|
-
|
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitizat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5790
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
783
|
- |
|
-
|
-
|
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated at…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5798
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
784
|
9.9 |
CRITICAL
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44442
|
2026-05-15 01:45 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
785
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
786
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query p…
New
|
CWE-20
CWE-943
CWE-1333
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
787
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including
the members list (user IDs, e-mails, roles), settings, and device cou…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44426
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
788
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34088
|
2026-05-15 01:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
789
|
7.5 |
HIGH
Network
|
mediawiki
|
checkuser
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.
This issue affects CheckUser: from 1.45.0 before 1.45.2.
Update
|
CWE-200
Information Exposure
|
CVE-2026-34090
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
790
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34091
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
