|
2761
|
5.0 |
MEDIUM
Network
|
-
|
-
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46561
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2762
|
8.8 |
HIGH
Network
|
-
|
-
|
vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and …
|
CWE-22
Path Traversal
|
CVE-2026-4944
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2763
|
7.1 |
HIGH
Network
|
-
|
-
|
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input fi…
|
CWE-89
SQL Injection
|
CVE-2026-4776
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2764
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests f…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9557
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2765
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated us…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-9558
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2766
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escap…
|
CWE-22
CWE-73
CWE-98
Path Traversal
External Control of File Name or Path
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-9559
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2767
|
7.1 |
HIGH
Network
|
-
|
-
|
An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or …
|
CWE-863
Incorrect Authorization
|
CVE-2026-9808
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2768
|
7.6 |
HIGH
Network
|
-
|
-
|
A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9809
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2769
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9811
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2770
|
- |
|
-
|
-
|
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component …
|
CWE-23
Relative Path Traversal
|
CVE-2026-8326
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
