|
861
|
5.9 |
MEDIUM
Network
|
-
|
-
|
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.
New
|
CWE-284
Improper Access Control
|
CVE-2026-33381
|
2026-05-15 01:21 |
2026-05-14 |
|
862
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.
Th…
New
|
CWE-89
SQL Injection
|
CVE-2025-11024
|
2026-05-15 01:20 |
2026-05-14 |
|
863
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking.
This issue affects E-Commerce Website: b…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-2347
|
2026-05-15 01:20 |
2026-05-14 |
|
864
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs.
This i…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-12008
|
2026-05-15 01:20 |
2026-05-14 |
|
865
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.
…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6008
|
2026-05-15 01:20 |
2026-05-14 |
|
866
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Ex…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-15025
|
2026-05-15 01:20 |
2026-05-14 |
|
867
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying …
New
|
CWE-94, CWE-1321
Code Injection; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44005
|
2026-05-15 01:16 |
2026-05-14 |
|
868
|
9.9 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin expos…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-43999
|
2026-05-15 01:16 |
2026-05-14 |
|
869
|
5.6 |
MEDIUM
Local
|
-
|
-
|
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 to v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-29338
|
2026-05-15 01:16 |
2026-05-14 |
|
870
|
7.3 |
HIGH
Network
|
-
|
-
|
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-55045
|
2026-05-15 01:16 |
2026-05-14 |