|
2991
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.
|
-
|
CVE-2026-38931
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2992
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Account Manager for WooCom…
|
CWE-862
Missing Authorization
|
CVE-2022-41656
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2993
|
7.5 |
HIGH
Network
|
ibm
|
http_server
|
IBM HTTP Server 8.5, and 9.0
|
CWE-94
Code Injection
|
CVE-2026-9170
|
2026-05-28 02:07 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2994
|
9.8 |
CRITICAL
Network
|
microsoft
|
power_pages
|
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
|
CWE-77
Command Injection
|
CVE-2026-23652
|
2026-05-28 02:01 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2995
|
9.8 |
CRITICAL
Network
|
microsoft
|
entra_id
|
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-33843
|
2026-05-28 01:50 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2996
|
8.8 |
HIGH
Network
|
microsoft
|
azure_privileged_identity_management
|
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-35430
|
2026-05-28 01:48 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2997
|
8.8 |
HIGH
Network
|
microsoft
|
azure_virtual_network_gateway
|
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-40411
|
2026-05-28 01:47 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2998
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_orbital_spatio
|
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40412
|
2026-05-28 01:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2999
|
7.5 |
HIGH
Network
|
microsoft
|
365_copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-42827
|
2026-05-28 01:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3000
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_resource_manager
|
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-47280
|
2026-05-28 01:14 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
