|
1601
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (…
|
CWE-862
Missing Authorization
|
CVE-2026-44012
|
2026-05-13 23:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
9.9 |
CRITICAL
Network
|
openedx
|
openedx
|
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42858
|
2026-05-13 23:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
8.5 |
HIGH
Network
|
openedx
|
edx-enterprise
|
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42860
|
2026-05-13 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34645
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34646
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
7.4 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34647
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34648
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34649
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34650
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
7.5 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34651
|
2026-05-13 23:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
