| 521 | 6.1 | MEDIUM, Network | - | - | A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into th… | New | CWE-79: Cross-site Scripting | CVE-2026-36761 | 2026-05-1 03:16 | 2026-05-1 |
| 522 | 9.6 | CRITICAL, Network | - | - | An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files w… | New | CWE-22: Path Traversal | CVE-2026-36760 | 2026-05-1 03:16 | 2026-05-1 |
| 523 | 6.5 | MEDIUM, Network | - | - | A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-36759 | 2026-05-1 03:16 | 2026-05-1 |
| 524 | 4.3 | MEDIUM, Network | - | - | A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-36758 | 2026-05-1 03:16 | 2026-05-1 |
| 525 | 4.3 | MEDIUM, Network | - | - | A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-36757 | 2026-05-1 03:16 | 2026-05-1 |
| 526 | 5.4 | MEDIUM, Network | - | - | A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-36756 | 2026-05-1 03:16 | 2026-05-1 |
| 527 | 8.1 | HIGH, Network | - | - | An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function | New | CWE-94: Code Injection | CVE-2026-36340 | 2026-05-1 03:16 | 2026-05-1 |
| 528 | 7.5 | HIGH, Network | - | - | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This… | New | CWE-191: Integer Underflow (Wrap or Wraparound) | CVE-2026-33845 | 2026-05-1 03:16 | 2026-05-1 |
| 529 | 8.8 | HIGH, Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by decla… | Update | CWE-863: Incorrect Authorization | CVE-2026-41404 | 2026-05-1 02:41 | 2026-04-29 |
| 530 | 4.0 | MEDIUM, Local | openclaw | openclaw | OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass acce… | Update | CWE-807: Reliance on Untrusted Inputs in a Security Decision | CVE-2026-41403 | 2026-05-1 02:40 | 2026-04-29 |