|
1331
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47929
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1332
|
6.5 |
MEDIUM
Local
|
-
|
-
|
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim …
New
|
CWE-88
Argument Injection
|
CVE-2026-45181
|
2026-05-10 17:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1333
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument se…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8234
|
2026-05-10 16:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1334
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8231
|
2026-05-10 15:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1335
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip…
New
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-8213
|
2026-05-10 08:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1336
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas…
New
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-8212
|
2026-05-10 08:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1337
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JS…
New
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-8211
|
2026-05-10 08:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1338
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update H…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-8210
|
2026-05-10 06:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1339
|
8.1 |
HIGH
Network
|
-
|
-
|
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-42606
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1340
|
6.5 |
MEDIUM
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *r…
New
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-42576
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
