|
1321
|
8.8 |
HIGH
Network
|
apache
|
cloudstack
|
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an…
Update
|
CWE-94
Code Injection
|
CVE-2026-25077
|
2026-05-11 00:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev…
Update
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7915
|
2026-05-10 23:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
Update
|
CWE-787
CWE-125
Out-of-bounds Write
Out-of-bounds Read
|
CVE-2026-7902
|
2026-05-10 23:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50957
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50943
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
8.8 |
HIGH
Network
|
-
|
-
|
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager con…
New
|
CWE-59
Link Following
|
CVE-2021-47949
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
7.8 |
HIGH
Local
|
-
|
-
|
Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-47945
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
7.5 |
HIGH
Network
|
-
|
-
|
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47944
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
8.8 |
HIGH
Network
|
-
|
-
|
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…
New
|
CWE-94
Code Injection
|
CVE-2021-47935
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47931
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
