|
2061
|
7.4 |
HIGH
Network
|
-
|
-
|
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41872
|
2026-05-13 00:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2062
|
- |
|
-
|
-
|
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited…
|
CWE-1392
Use of Default Credentials
|
CVE-2026-7428
|
2026-05-13 00:09 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2063
|
8.1 |
HIGH
Network
|
-
|
-
|
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission …
|
CWE-352
Origin Validation Error
|
CVE-2026-38566
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2064
|
9.8 |
CRITICAL
Network
|
-
|
-
|
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c…
|
CWE-89
SQL Injection
|
CVE-2026-38567
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2065
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61305
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2066
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61306
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2067
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61307
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2068
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61308
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2069
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61309
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2070
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61310
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
