|
1871
|
5.4 |
MEDIUM
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42612
|
2026-05-13 01:16 |
2026-05-12 |
|
1872
|
4.8 |
MEDIUM
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML thro…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42841
|
2026-05-13 01:16 |
2026-05-12 |
|
1873
|
6.5 |
MEDIUM
Local
|
linuxcontainers
|
lxc
|
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network …
|
CWE-863
Incorrect Authorization
|
CVE-2026-39402
|
2026-05-13 01:12 |
2026-05-06 |
|
1874
|
5.3 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44201
|
2026-05-13 00:59 |
2026-05-12 |
|
1875
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44197
|
2026-05-13 00:58 |
2026-05-12 |
|
1876
|
4.3 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44198
|
2026-05-13 00:58 |
2026-05-12 |
|
1877
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44199
|
2026-05-13 00:58 |
2026-05-12 |
|
1878
|
6.5 |
MEDIUM
Network
|
torchbox
|
wagtail
|
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of …
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-44200
|
2026-05-13 00:57 |
2026-05-12 |
|
1879
|
4.7 |
MEDIUM
Network
|
ispconfig
|
ispconfig
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
|
CWE-79
Cross-site Scripting
|
CVE-2025-52206
|
2026-05-13 00:54 |
2026-05-06 |
|
1880
|
5.9 |
MEDIUM
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42225
|
2026-05-13 00:53 |
2026-05-08 |