|
2511
|
4.6 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2025-40900
|
2026-05-21 02:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2512
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-269
Improper Privilege Management
|
CVE-2026-8970
|
2026-05-21 02:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2513
|
6.5 |
MEDIUM
Network
|
kilo
|
kilo_code_cli
|
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…
|
CWE-200
CWE-284
NVD-CWE-noinfo
Information Exposure
Improper Access Control
|
CVE-2026-8766
|
2026-05-21 02:34 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2514
|
4.0 |
MEDIUM
Physics
|
-
|
-
|
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
|
CWE-682
Incorrect Calculation
|
CVE-2023-7346
|
2026-05-21 02:33 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2515
|
7.2 |
HIGH
Network
|
-
|
-
|
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7613
|
2026-05-21 02:33 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2516
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId,
idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9087
|
2026-05-21 02:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2517
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t…
|
CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
|
CVE-2026-9100
|
2026-05-21 02:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2518
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execu…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-9101
|
2026-05-21 02:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2519
|
7.5 |
HIGH
Network
|
-
|
-
|
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-39047
|
2026-05-21 02:31 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2520
|
- |
|
-
|
-
|
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecu…
|
CWE-287
Improper Authentication
|
CVE-2026-9084
|
2026-05-21 02:31 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
