|
2451
|
6.5 |
MEDIUM
Network
|
splunk
|
ai_toolkit
|
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
|
CWE-863
Incorrect Authorization
|
CVE-2026-20238
|
2026-05-26 21:45 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2452
|
3.8 |
LOW
Network
|
-
|
-
|
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma…
|
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
|
CVE-2026-44410
|
2026-05-26 19:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2453
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion.
This issue affects SW Core…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39661
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2454
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection.
This issue affects Nyla: from n/a through 1.7.
|
CWE-80
Basic XSS
|
CVE-2026-39642
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2455
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.
This issue affects Geo Mashup: from n/a through 1.13.18.
|
CWE-79
Cross-site Scripting
|
CVE-2026-27427
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2456
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects RepairBuddy: from n/a through 4.1121.
|
CWE-862
Missing Authorization
|
CVE-2026-24638
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2457
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Paid Videochat Turnkey…
|
CWE-862
Missing Authorization
|
CVE-2026-24590
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2458
|
7.5 |
HIGH
Network
|
-
|
-
|
The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw t…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-8047
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2459
|
8.1 |
HIGH
Network
|
-
|
-
|
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including tho…
|
CWE-863
Incorrect Authorization
|
CVE-2026-8046
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2460
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Mayosis Core: from n/a through 5.4.7.
|
CWE-862
Missing Authorization
|
CVE-2026-39655
|
2026-05-26 17:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
