|
2671
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-8485
|
2026-05-21 02:50 |
2026-05-20 |
|
2672
|
4.6 |
MEDIUM
Network
|
nozominetworks
|
cmc guardian
|
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2025-40900
|
2026-05-21 02:35 |
2026-05-19 |
|
2673
|
8.8 |
HIGH
Network
|
mozilla
|
firefox thunderbird
|
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-269
Improper Privilege Management
|
CVE-2026-8970
|
2026-05-21 02:34 |
2026-05-19 |
|
2674
|
6.5 |
MEDIUM
Network
|
kilo
|
kilo_code_cli
|
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executi…
|
CWE-200 CWE-284 NVD-CWE-noinfo
Information Exposure Improper Access Control
|
CVE-2026-8766
|
2026-05-21 02:34 |
2026-05-18 |
|
2675
|
4.0 |
MEDIUM
Physical
|
-
|
-
|
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
|
CWE-682
Incorrect Calculation
|
CVE-2023-7346
|
2026-05-21 02:33 |
2026-05-21 |
|
2676
|
7.2 |
HIGH
Network
|
-
|
-
|
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7613
|
2026-05-21 02:33 |
2026-05-21 |
|
2677
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9087
|
2026-05-21 02:32 |
2026-05-21 |
|
2678
|
5.9 |
MEDIUM
Network
|
-
|
-
|
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t…
|
CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
|
CVE-2026-9100
|
2026-05-21 02:32 |
2026-05-21 |
|
2679
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execu…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-9101
|
2026-05-21 02:32 |
2026-05-21 |
|
2680
|
7.5 |
HIGH
Network
|
-
|
-
|
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-39047
|
2026-05-21 02:31 |
2026-05-21 |