|
1881
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers.
This issue affects BAPSİS: before v.202604152042.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6001
|
2026-05-13 01:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
8.8 |
HIGH
Network
|
-
|
-
|
Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation.
This issue affect…
|
CWE-863
Incorrect Authorization
|
CVE-2026-2465
|
2026-05-13 01:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to pe…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44499
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
5.3 |
MEDIUM
Network
|
-
|
-
|
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intend…
|
CWE-22
Path Traversal
|
CVE-2026-42028
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.
The built-in rand function is predictable, and unsuitable for cryptography.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6659
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server co…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41517
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verif…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-42193
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
3.4 |
LOW
Network
|
-
|
-
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
|
CWE-200
CWE-601
Information Exposure
Open Redirect
|
CVE-2026-42195
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
8.8 |
HIGH
Network
|
-
|
-
|
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to i…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42205
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing un…
|
CWE-352
Origin Validation Error
|
CVE-2026-42286
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
