|
131
|
6.1 |
MEDIUM
Network
|
-
|
-
|
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Att…
New
|
CWE-79
Cross-site Scripting
|
CVE-2023-54349
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
132
|
8.8 |
HIGH
Network
|
-
|
-
|
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious …
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2023-54348
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
133
|
7.5 |
HIGH
Network
|
-
|
-
|
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers c…
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2023-54347
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
134
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file path…
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2023-54346
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
135
|
8.8 |
HIGH
Network
|
-
|
-
|
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr…
New
|
CWE-94
Code Injection
|
CVE-2023-54345
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
136
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface.…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54344
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
137
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54342
|
2026-05-5 21:16 |
2026-05-5 |
|
|
|
|
138
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-6322
|
2026-05-5 20:16 |
2026-05-5 |
|
|
|
|
139
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-5 20:16 |
2026-05-5 |
|
|
|
|
140
|
- |
|
-
|
-
|
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'),…
New
|
CWE-22 CWE-113 CWE-346 CWE-400
Path Traversal HTTP Response Splitting Origin Validation Error Uncontrolled Resource Consumption
|
CVE-2026-43870
|
2026-05-5 19:16 |
2026-05-5 |
|
|
|