| 861 | 5.0 | MEDIUM Network | - | - | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, an… | Update | CWE-269 Improper Privilege Management | CVE-2026-7778 | 2026-05-8 00:12 | 2026-05-5 |
| 862 | 6.5 | MEDIUM Network | - | - | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplyin… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-41950 | 2026-05-8 00:12 | 2026-05-6 |
| 863 | 7.5 | HIGH Network | - | - | fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and par… | Update | CWE-22 Path Traversal | CVE-2026-6321 | 2026-05-8 00:11 | 2026-05-5 |
| 864 | 7.5 | HIGH Network | - | - | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu… | Update | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-7768 | 2026-05-8 00:11 | 2026-05-5 |
| 865 | 7.5 | HIGH Network | - | - | fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an… | Update | CWE-436 Interpretation Conflict | CVE-2026-6322 | 2026-05-8 00:11 | 2026-05-5 |
| 866 | 7.8 | HIGH Local | - | - | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may b… | New | CWE-120 Classic Buffer Overflow | CVE-2026-6691 | 2026-05-8 00:11 | 2026-05-7 |
| 867 | 6.5 | MEDIUM Network | - | - | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… | New | CWE-476 NULL Pointer Dereference | CVE-2026-8063 | 2026-05-8 00:11 | 2026-05-7 |
| 868 | - | | - | - | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co… | Update | CWE-20 Improper Input Validation; CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-6180 | 2026-05-8 00:10 | 2026-05-5 |
| 869 | - | | - | - | An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr… | Update | CWE-36 Absolute Path Traversal; CWE-552 Files or Directories Accessible to External Parties | CVE-2026-6418 | 2026-05-8 00:10 | 2026-05-5 |
| 870 | - | | - | - | An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plai… | Update | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2026-7824 | 2026-05-8 00:10 | 2026-05-5 |