| 2501 | 5.5 | MEDIUM Local | dell | powerflex_appliance_intelligent_catalog powerflex_manager powerflex_rack | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo… | CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) | CVE-2025-46371 | 2026-05-23 05:40 | 2026-05-23 |
| 2502 | 7.1 | HIGH Network | - | - | Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve a… | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-9291 | 2026-05-23 05:31 | 2026-05-23 |
| 2503 | - | | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon explo… | CWE-79 (Cross-site Scripting) | CVE-2026-40596 | 2026-05-23 05:31 | 2026-05-23 |
| 2504 | - | | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Pol… | CWE-79 (Cross-site Scripting), CWE-358 (Improperly Implemented Security Check for Standard) | CVE-2026-40597 | 2026-05-23 05:31 | 2026-05-23 |
| 2505 | - | | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an att… | CWE-79 (Cross-site Scripting) | CVE-2026-40607 | 2026-05-23 05:31 | 2026-05-23 |
| 2506 | 8.8 | HIGH Network | litellm | litellm | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri… | CWE-863 (Incorrect Authorization) | CVE-2026-47102 | 2026-05-23 04:39 | 2026-05-22 |
| 2507 | 8.8 | HIGH Network | litellm | litellm | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with… | CWE-863 (Incorrect Authorization) | CVE-2026-47101 | 2026-05-23 04:39 | 2026-05-22 |
| 2508 | 9.8 | CRITICAL Network | drupal | drupal | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.… | CWE-89 (SQL Injection) | CVE-2026-9082 | 2026-05-23 04:38 | 2026-05-21 |
| 2509 | 7.5 | HIGH Network | apache | cxf | The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use… | CWE-20 (Improper Input Validation) | CVE-2026-44417 | 2026-05-23 04:29 | 2026-05-22 |
| 2510 | 5.4 | MEDIUM Network | mattermost | mattermost_server | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to g… | CWE-863 (Incorrect Authorization) | CVE-2026-28735 | 2026-05-23 04:28 | 2026-05-23 |