|
2381
|
6.1 |
MEDIUM
Network
|
-
|
-
|
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted …
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-26028
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2382
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying has…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-47373
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2383
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue p…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39960
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2384
|
7.5 |
HIGH
Network
|
-
|
-
|
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademli…
|
CWE-252
Unchecked Return Value
|
CVE-2026-40092
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2385
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-47372
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2386
|
4.3 |
MEDIUM
Network
|
-
|
-
|
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and s…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-40094
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2387
|
- |
|
-
|
-
|
The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients,…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-9137
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2388
|
- |
|
-
|
-
|
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9136
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2389
|
- |
|
-
|
-
|
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-0393
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2390
|
- |
|
-
|
-
|
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6841
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
