|
631
|
8.7 |
HIGH
Network
|
-
|
-
|
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML direct…
|
CWE-79
Cross-site Scripting
|
CVE-2026-28445
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Re…
|
CWE-862
CWE-918
Missing Authorization
Server-Side Request Forgery (SSRF)
|
CVE-2026-33712
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter
|
CWE-22
Path Traversal
|
CVE-2026-36227
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
7.3 |
HIGH
Network
|
-
|
-
|
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36228
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-37470
|
2026-05-23 03:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
|
-
|
CVE-2026-42506
|
2026-05-23 03:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
|
-
|
CVE-2026-42502
|
2026-05-23 03:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
|
-
|
CVE-2026-25681
|
2026-05-23 03:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
8.8 |
HIGH
Network
|
ivanti
|
secure_access_client
|
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-8992
|
2026-05-23 02:50 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
7.1 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and down…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3473
|
2026-05-23 02:21 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
