|
1691
|
- |
|
-
|
-
|
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker …
|
CWE-352
Origin Validation Error
|
CVE-2026-44364
|
2026-05-15 01:54 |
2026-05-14 |
|
|
|
|
1692
|
- |
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating tha…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42548
|
2026-05-15 01:51 |
2026-05-14 |
|
|
|
|
1693
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nett…
|
CWE-22
Path Traversal
|
CVE-2026-42549
|
2026-05-15 01:51 |
2026-05-14 |
|
|
|
|
1694
|
8.8 |
HIGH
Network
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by concatenating the $table argument and the k…
|
CWE-89
SQL Injection
|
CVE-2026-42550
|
2026-05-15 01:51 |
2026-05-14 |
|
|
|
|
1695
|
7.5 |
HIGH
Network
|
-
|
-
|
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb…
|
CWE-436
Interpretation Conflict
|
CVE-2026-42551
|
2026-05-15 01:51 |
2026-05-14 |
|
|
|
|
1696
|
7.2 |
HIGH
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_ad…
|
CWE-89
SQL Injection
|
CVE-2026-39358
|
2026-05-15 01:49 |
2026-05-14 |
|
|
|
|
1697
|
4.8 |
MEDIUM
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2026-39428
|
2026-05-15 01:49 |
2026-05-14 |
|
|
|
|
1698
|
7.2 |
HIGH
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order,…
|
CWE-94
Code Injection
|
CVE-2026-45708
|
2026-05-15 01:49 |
2026-05-14 |
|
|
|
|
1699
|
9.1 |
CRITICAL
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and …
|
CWE-94 CWE-1336
Code Injection Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44377
|
2026-05-15 01:49 |
2026-05-14 |
|
|
|
|
1700
|
4.9 |
MEDIUM
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORDER BY SQL fragment from the attacker-con…
|
CWE-89
SQL Injection
|
CVE-2026-45054
|
2026-05-15 01:49 |
2026-05-14 |
|
|
|