|
2071
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attacker…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-44112
|
2026-05-14 02:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2072
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver…
|
CWE-643
XPath Injection
|
CVE-2026-40699
|
2026-05-14 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2073
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-40462
|
2026-05-14 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2074
|
8.8 |
HIGH
Network
|
litellm
|
litellm
|
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templ…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-42203
|
2026-05-14 02:14 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2075
|
5.4 |
MEDIUM
Network
|
langfuse
|
langfuse
|
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An a…
|
CWE-284
Improper Access Control
|
CVE-2026-41487
|
2026-05-14 02:12 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2076
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
|
CWE-328
Use of Weak Hash
|
CVE-2020-37168
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2077
|
5.5 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2020-37169
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2078
|
5.5 |
MEDIUM
Network
|
-
|
-
|
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design …
|
CWE-79
Cross-site Scripting
|
CVE-2020-37174
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2079
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…
|
CWE-352
Origin Validation Error
|
CVE-2020-37217
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2080
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
|
CWE-89
SQL Injection
|
CVE-2020-37218
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
