| 1261 | - | - | - | FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser control… | New | CWE-472 External Control of Assumed-Immutable Web Parameter | CVE-2026-32699 | 2026-05-7 06:25 | 2026-05-6 |
| 1262 | - | - | - | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker ca… | New | CWE-352 Origin Validation Error | CVE-2026-40309 | 2026-05-7 06:22 | 2026-05-7 |
| 1263 | - | - | - | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management … | New | CWE-352 Origin Validation Error | CVE-2026-40174 | 2026-05-7 06:22 | 2026-05-7 |
| 1264 | - | - | - | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens for content restoration requests… | New | CWE-352 Origin Validation Error | CVE-2026-40325 | 2026-05-7 06:22 | 2026-05-7 |
| 1265 | - | - | - | Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in `csettings.cfc` does not properly validate anti-CSRF tokens for site bundle cre… | New | CWE-352 Origin Validation Error | CVE-2026-40326 | 2026-05-7 06:22 | 2026-05-7 |
| 1266 | - | - | - | Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal pa… | New | CWE-601 Open Redirect | CVE-2026-40332 | 2026-05-7 06:22 | 2026-05-7 |
| 1267 | 5.5 MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while pro… | Update | NVD-CWE-noinfo | CVE-2026-31713 | 2026-05-7 06:13 | 2026-05-1 |
| 1268 | 5.5 MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff… | Update | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2026-31714 | 2026-05-7 06:12 | 2026-05-1 |
| 1269 | 7.8 HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size… | Update | CWE-787 Out-of-bounds Write | CVE-2026-31716 | 2026-05-7 06:10 | 2026-05-1 |
| 1270 | 8.8 HIGH Network | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a du… | Update | NVD-CWE-noinfo | CVE-2026-31717 | 2026-05-7 06:08 | 2026-05-1 |