| 621 | 6.7 | MEDIUM Network | - | - | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-42176 | 2026-05-9 05:16 | 2026-05-9 |
| 622 | - | | - | - | Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization … | New | CWE-602, CWE-863: Client-Side Enforcement of Server-Side Security; Incorrect Authorization | CVE-2026-42160 | 2026-05-9 05:16 | 2026-05-9 |
| 623 | 5.3 | MEDIUM Network | - | - | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming request… | New | CWE-532: Inclusion of Sensitive Information in Log Files | CVE-2026-41495 | 2026-05-9 05:16 | 2026-05-9 |
| 624 | 8.8 | HIGH Network | - | - | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es… | New | CWE-61: UNIX Symbolic Link (Symlink) Following | CVE-2026-29203 | 2026-05-9 05:16 | 2026-05-9 |
| 625 | 4.3 | MEDIUM Network | - | - | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. | New | CWE-20: Improper Input Validation | CVE-2026-29201 | 2026-05-9 05:16 | 2026-05-9 |
| 626 | 5.5 | MEDIUM Local | osgeo | gdal | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This… | New | CWE-119, CWE-125: Incorrect Access of Indexable Resource ('Range Error'); Out-of-bounds Read | CVE-2026-8084 | 2026-05-9 05:11 | 2026-05-8 |
| 627 | 5.5 | MEDIUM Local | osgeo | gdal | A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bo… | New | CWE-119, CWE-125: Incorrect Access of Indexable Resource ('Range Error'); Out-of-bounds Read | CVE-2026-8088 | 2026-05-9 05:11 | 2026-05-8 |
| 628 | 6.5 | MEDIUM Network | traccar | traccar | Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C… | Update | CWE-1236: Improper Neutralization of Formula Elements in a CSV File | CVE-2026-27644 | 2026-05-9 05:04 | 2026-05-5 |
| 629 | 5.4 | MEDIUM Network | traccar | traccar | Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper … | Update | CWE-91: Blind XPath Injection | CVE-2026-27693 | 2026-05-9 05:04 | 2026-05-5 |
| 630 | 5.4 | MEDIUM Network | traccar | traccar | Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n… | Update | CWE-79: Cross-site Scripting | CVE-2026-27694 | 2026-05-9 05:03 | 2026-05-5 |