| 691 | 7.0 | HIGH | Local | - | - | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attackin… | New | CWE-59, CWE-61 | Link Following; UNIX Symbolic Link (Symlink) Following | CVE-2026-7832 | 2026-05-5 22:16 | 2026-05-5 |
| 692 | 9.6 | CRITICAL | Network | - | - | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability e… | New | CWE-89 | SQL Injection | CVE-2026-42087 | 2026-05-5 22:16 | 2026-05-5 |
| 693 | 8.7 | HIGH | Network | - | - | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. Easily exploitable vulner… | New | CWE-89 | SQL Injection | CVE-2026-35228 | 2026-05-5 22:16 | 2026-05-5 |
| 694 | 5.9 | MEDIUM | Network | - | - | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under… | New | CWE-302 | Authentication Bypass by Assumed-Immutable Data | CVE-2026-28510 | 2026-05-5 22:16 | 2026-05-5 |
| 695 | 8.8 | HIGH | Network | sailpoint | identityiq | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned… | Update | CWE-863 | Incorrect Authorization | CVE-2026-5712 | 2026-05-5 21:48 | 2026-04-30 |
| 696 | 7.1 | HIGH | Local | dell | dell/alienware_purchased_apps | Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p… | Update | CWE-59 | Link Following | CVE-2026-27105 | 2026-05-5 21:37 | 2026-04-30 |
| 697 | 6.5 | MEDIUM | Network | - | - | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat… | New | CWE-22 | Path Traversal | CVE-2026-6262 | 2026-05-5 21:16 | 2026-05-5 |
| 698 | 8.8 | HIGH | Network | - | - | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled… | New | CWE-434 | Unrestricted Upload of File with Dangerous Type | CVE-2026-6261 | 2026-05-5 21:16 | 2026-05-5 |
| 699 | 6.5 | MEDIUM | Network | - | - | OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers … | New | CWE-183 | Permissive List of Allowed Inputs | CVE-2026-43574 | 2026-05-5 21:16 | 2026-05-5 |
| 700 | 7.7 | HIGH | Network | - | - | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact wi… | New | CWE-862, CWE-918 | Missing Authorization; Server-Side Request Forgery (SSRF) | CVE-2026-43573 | 2026-05-5 21:16 | 2026-05-5 |