|
811
|
4.3 |
MEDIUM
Network
|
dovecot
open-xchange
|
dovecot
|
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42006
|
2026-05-19 02:22 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
8.8 |
HIGH
Network
|
fortinet
|
fortindr
|
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions…
Update
|
CWE-89
SQL Injection
|
CVE-2026-25088
|
2026-05-19 02:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortideceptor
|
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2…
Update
|
CWE-88
Argument Injection
|
CVE-2026-25690
|
2026-05-19 02:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-8843
|
2026-05-19 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
9.1 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi…
Update
|
CWE-20
CWE-400
CWE-626
Improper Input Validation
Uncontrolled Resource Consumption
Null Byte Interaction Error (Poison Null Byte)
|
CVE-2026-42579
|
2026-05-19 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2021-47959
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation.…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-47965
|
2026-05-19 02:05 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2020-37233
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2020-37235
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f…
Update
|
CWE-22
Path Traversal
|
CVE-2021-47977
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
