|
2331
|
5.1 |
MEDIUM
Local
|
-
|
-
|
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords.
This issue affects Avantra: before 25.3.0.
|
CWE-1393
Use of Default Password
|
CVE-2026-8672
|
2026-05-23 01:32 |
2026-05-22 |
|
|
|
|
2332
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.
This issue affects Avantra: before 25.3.0.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2026-8673
|
2026-05-23 01:32 |
2026-05-22 |
|
|
|
|
2333
|
7.5 |
HIGH
Network
|
-
|
-
|
Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter.
|
CWE-22
Path Traversal
|
CVE-2025-45145
|
2026-05-23 01:32 |
2026-05-23 |
|
|
|
|
2334
|
- |
|
-
|
-
|
Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_fie…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4929
|
2026-05-23 01:17 |
2026-05-22 |
|
|
|
|
2335
|
- |
|
-
|
-
|
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline.
Vector A (token display templates): When the Token module is enabled and token di…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4093
|
2026-05-23 01:17 |
2026-05-22 |
|
|
|
|
2336
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user c…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-21508
|
2026-05-23 01:17 |
2026-05-23 |
|
|
|
|
2337
|
- |
|
-
|
-
|
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8997
|
2026-05-23 01:16 |
2026-05-22 |
|
|
|
|
2338
|
7.5 |
HIGH
Network
|
-
|
-
|
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
|
CWE-331
Insufficient Entropy
|
CVE-2026-46473
|
2026-05-23 01:14 |
2026-05-22 |
|
|
|
|
2339
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6960
|
2026-05-23 00:50 |
2026-05-22 |
|
|
|
|
2340
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-45206
|
2026-05-23 00:49 |
2026-05-21 |
|
|
|