|
921
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs.
This i…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-12008
|
2026-05-15 01:20 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.
…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6008
|
2026-05-15 01:20 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Ex…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-15025
|
2026-05-15 01:20 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying …
New
|
CWE-94
CWE-1321
Code Injection
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44005
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
9.9 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin expos…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-43999
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
5.6 |
MEDIUM
Local
|
-
|
-
|
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-29338
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
7.3 |
HIGH
Network
|
-
|
-
|
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-55045
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated S…
New
|
-
|
CVE-2026-8496
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
- |
|
-
|
-
|
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the cli…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2025-68420
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
- |
|
-
|
-
|
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elev…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2025-68421
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
