|
2971
|
4.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version…
|
CWE-352
Origin Validation Error
|
CVE-2026-8340
|
2026-05-26 23:55 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2972
|
9.8 |
CRITICAL
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are h…
|
CWE-287
CWE-295
Improper Authentication
Improper Certificate Validation
|
CVE-2026-32253
|
2026-05-26 23:43 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2973
|
8.1 |
HIGH
Network
|
ruby-lang
|
ruby
|
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remot…
|
CWE-362
Race Condition
|
CVE-2026-46727
|
2026-05-26 23:22 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2974
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9544
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2975
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9542
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2976
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. I…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-9540
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2977
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipul…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-9500
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2978
|
7.5 |
HIGH
Network
|
-
|
-
|
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp…
|
CWE-1333
CWE-400
Inefficient Regular Expression Complexity
Uncontrolled Resource Consumption
|
CVE-2026-9496
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2979
|
7.3 |
HIGH
Network
|
-
|
-
|
Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix …
|
CWE-284
Improper Access Control
|
CVE-2026-9495
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2980
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF).
This issue affects Zoho Mail wordpress plugin versions before 1.6.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-8174
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
