|
931
|
- |
|
-
|
-
|
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the w…
New
|
CWE-88
Argument Injection
|
CVE-2026-7865
|
2026-05-7 23:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
8.0 |
HIGH
Network
|
-
|
-
|
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
New
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2024-43384
|
2026-05-7 23:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
- |
|
-
|
-
|
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep…
New
|
-
|
CVE-2026-6860
|
2026-05-7 23:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.
Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_…
New
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-5081
|
2026-05-7 23:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
7.5 |
HIGH
Network
|
-
|
-
|
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …
New
|
-
|
CVE-2026-23870
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.
This issue affects MISP before 2.5.37.
A stored cross-si…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8080
|
2026-05-7 23:52 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
6.5 |
MEDIUM
Network
|
-
|
-
|
RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2025-42611
|
2026-05-7 23:51 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
- |
|
-
|
-
|
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data…
New
|
CWE-20
CWE-352
CWE-917
Improper Input Validation
Origin Validation Error
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-28201
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
- |
|
-
|
-
|
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-33587
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-33588
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
