|
971
|
- |
|
-
|
-
|
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
New
|
CWE-611
XXE
|
CVE-2026-6501
|
2026-05-6 05:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
8.8 |
HIGH
Adjacent
|
google
|
android
|
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…
New
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-0073
|
2026-05-6 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42796
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
7.1 |
HIGH
Local
|
-
|
-
|
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-43616
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated rem…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-32834
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41471
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
7.5 |
HIGH
Network
|
-
|
-
|
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fiel…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-25863
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
7.7 |
HIGH
Network
|
-
|
-
|
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
Update
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-43824
|
2026-05-6 04:47 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2025-70069
|
2026-05-6 04:47 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70070
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
