|
1881
|
4.9 |
MEDIUM
Network
|
papercut
|
papercut_mf
papercut_ng
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-13 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvO…
|
CWE-20
Improper Input Validation
|
CVE-2026-28860
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-28848
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
7.8 |
HIGH
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.
|
CWE-269
Improper Privilege Management
|
CVE-2026-28840
|
2026-05-13 00:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2…
|
CWE-89
SQL Injection
|
CVE-2026-8207
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PH…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-8208
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of th…
|
CWE-23
Relative Path Traversal
|
CVE-2026-8209
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patc…
|
CWE-862
Missing Authorization
|
CVE-2026-42051
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…
|
CWE-862
Missing Authorization
|
CVE-2026-42069
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-42137
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
