|
2211
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filteri…
|
CWE-862
Missing Authorization
|
CVE-2026-44010
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2212
|
9.9 |
CRITICAL
Network
|
-
|
-
|
wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object …
|
CWE-863
Incorrect Authorization
|
CVE-2026-43948
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2213
|
6.8 |
MEDIUM
Network
|
bx33661
|
wireshark_mcp
|
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_expor…
|
CWE-22
Path Traversal
|
CVE-2026-43901
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2214
|
7.7 |
HIGH
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken aut…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-43890
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2215
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and jo…
|
CWE-93
CRLF Injection
|
CVE-2026-43882
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2216
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail(), which s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-43876
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2217
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
liveupdate: luo_file: remember retrieve() status
LUO keeps track of successful retrieve attempts on a LUO file. It does so
to av…
|
-
|
CVE-2026-43489
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2218
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Prevent interrupt storm on host controller error (HCE)
The xHCI controller reports a Host Controller Error (HCE) in UA…
|
-
|
CVE-2026-43488
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2219
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Disable LPM on ST1000DM010-2EP102
According to a user report, the ST1000DM010-2EP102 has problems with LPM,
cau…
|
-
|
CVE-2026-43487
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2220
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults
contpte_ptep_set_access_flags() compared the gathered ptep…
|
-
|
CVE-2026-43486
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
