|
1751
|
7.6 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply …
|
CWE-79
Cross-site Scripting
|
CVE-2026-41904
|
2026-05-8 05:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1752
|
9.8 |
CRITICAL
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and …
|
NVD-CWE-noinfo
|
CVE-2025-59851
|
2026-05-8 05:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1753
|
9.1 |
CRITICAL
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-59852
|
2026-05-8 05:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1754
|
5.3 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-59853
|
2026-05-8 05:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1755
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b…
|
CWE-80
CWE-79
Basic XSS
Cross-site Scripting
|
CVE-2025-59854
|
2026-05-8 05:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1756
|
6.5 |
MEDIUM
Local
|
sandboxie-plus
|
sandboxie
|
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege…
|
CWE-20
Improper Input Validation
|
CVE-2026-32603
|
2026-05-8 05:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1757
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could al…
|
CWE-358
CWE-79
Improperly Implemented Security Check for Standard
Cross-site Scripting
|
CVE-2025-31970
|
2026-05-8 04:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1758
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
The counter driver can use HW channels 1 and 2, while the PW…
|
NVD-CWE-noinfo
|
CVE-2026-31740
|
2026-05-8 04:56 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1759
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
Runtime PM counter is incremented / decremented each time…
|
NVD-CWE-Other
|
CVE-2026-31741
|
2026-05-8 04:55 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1760
|
7.2 |
HIGH
Network
|
-
|
-
|
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
|
CWE-79
Cross-site Scripting
|
CVE-2026-44742
|
2026-05-8 04:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
