|
471
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12494. Reason: This candidate is a reservation duplicate of CVE-2025-12494. Notes: All CVE users should reference …
New
|
-
|
CVE-2025-13890
|
2026-05-1 01:16 |
2026-05-1 |
|
|
|
|
472
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-33467
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
473
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both…
New
|
CWE-798, CWE-912
Use of Hard-coded Credentials; Hidden Functionality
|
CVE-2026-41446
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
474
|
7.2 |
HIGH
Network
|
-
|
-
|
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42615
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
475
|
- |
|
-
|
-
|
SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and…
New
|
CWE-89
SQL Injection
|
CVE-2026-3325
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
476
|
- |
|
-
|
-
|
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco…
New
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-42248
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
477
|
- |
|
-
|
-
|
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat…
New
|
CWE-22, CWE-494
Path Traversal; Download of Code Without Integrity Check
|
CVE-2026-42249
|
2026-05-1 00:48 |
2026-04-29 |
|
|
|
|
478
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-25852
|
2026-05-1 00:48 |
2026-04-30 |
|
|
|
|
479
|
7.8 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41220
|
2026-05-1 00:48 |
2026-04-30 |
|
|
|
|
480
|
7.8 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) …
New
|
CWE-123
Write-what-where Condition
|
CVE-2026-41952
|
2026-05-1 00:48 |
2026-04-30 |
|
|
|