|
1131
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platfor…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-2514
|
2026-05-8 00:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1132
|
5.0 |
MEDIUM
Network
|
-
|
-
|
An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, an…
|
CWE-269
Improper Privilege Management
|
CVE-2026-7778
|
2026-05-8 00:12 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1133
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplyin…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41950
|
2026-05-8 00:12 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1134
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and par…
|
CWE-22
Path Traversal
|
CVE-2026-6321
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1135
|
7.5 |
HIGH
Network
|
-
|
-
|
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7768
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1136
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an…
|
CWE-436
Interpretation Conflict
|
CVE-2026-6322
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1137
|
7.8 |
HIGH
Local
|
-
|
-
|
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may b…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-6691
|
2026-05-8 00:11 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1138
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-8 00:11 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1139
|
- |
|
-
|
-
|
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
|
CWE-20
CWE-367
Improper Input Validation
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-6180
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1140
|
- |
|
-
|
-
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
