|
2401
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47929
|
2026-05-14 00:30 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2402
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47931
|
2026-05-14 00:30 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2403
|
7.5 |
HIGH
Network
|
-
|
-
|
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47944
|
2026-05-14 00:30 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2404
|
7.8 |
HIGH
Local
|
-
|
-
|
Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-47945
|
2026-05-14 00:30 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, al…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-45222
|
2026-05-14 00:30 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
8.1 |
HIGH
Network
|
-
|
-
|
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44400
|
2026-05-14 00:30 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-14 00:29 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
8.8 |
HIGH
Network
|
-
|
-
|
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager con…
|
CWE-59
Link Following
|
CVE-2021-47949
|
2026-05-14 00:29 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50957
|
2026-05-14 00:29 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50943
|
2026-05-14 00:27 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
