|
1921
|
8.1 |
HIGH
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44260
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1922
|
4.6 |
MEDIUM
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade…
|
CWE-80
Basic XSS
|
CVE-2026-44259
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1923
|
3.7 |
LOW
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44242
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1924
|
7.5 |
HIGH
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeForma…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44241
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1925
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exp…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-44113
|
2026-05-14 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1926
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user …
|
CWE-479
|
CVE-2026-44011
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1927
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filteri…
|
CWE-862
Missing Authorization
|
CVE-2026-44010
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1928
|
9.9 |
CRITICAL
Network
|
-
|
-
|
wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object …
|
CWE-863
Incorrect Authorization
|
CVE-2026-43948
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1929
|
6.8 |
MEDIUM
Network
|
bx33661
|
wireshark_mcp
|
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_expor…
|
CWE-22
Path Traversal
|
CVE-2026-43901
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1930
|
7.7 |
HIGH
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken aut…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-43890
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
