|
2631
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35015
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2632
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35016
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2633
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-9139
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2634
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-9141
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2635
|
7.6 |
HIGH
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9144
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2636
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.
Multiple LiveView event…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8469
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2637
|
- |
|
-
|
-
|
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign…
|
CWE-94
Code Injection
|
CVE-2026-8467
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2638
|
- |
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.
'Elixir.PhoenixStorybook.Stor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47068
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2639
|
7.5 |
HIGH
Adjacent
|
-
|
-
|
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
|
CWE-78
OS Command
|
CVE-2026-45255
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2640
|
8.4 |
HIGH
Local
|
-
|
-
|
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-45253
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
