|
1421
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33588
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1422
|
- |
|
-
|
-
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
|
CWE-20
Improper Input Validation
|
CVE-2026-33589
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1423
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41657
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1424
|
7.1 |
HIGH
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41660
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1425
|
3.5 |
LOW
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire v…
|
CWE-352
Origin Validation Error
|
CVE-2026-41663
|
2026-05-7 23:51 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1426
|
4.3 |
MEDIUM
Network
|
flowiseai
|
flowise
|
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argumen…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8027
|
2026-05-7 23:50 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1427
|
3.7 |
LOW
Network
|
flowiseai
|
flowise
|
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf…
|
CWE-200
CWE-284
NVD-CWE-noinfo
Information Exposure
Improper Access Control
|
CVE-2026-8028
|
2026-05-7 23:47 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1428
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3953
|
2026-05-7 23:44 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1429
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security…
|
CWE-416
Use After Free
|
CVE-2026-7910
|
2026-05-7 23:43 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1430
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Lidera…
|
CWE-346
Origin Validation Error
|
CVE-2026-6508
|
2026-05-7 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
