|
221
|
- |
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
New
|
-
|
CVE-2025-61308
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
- |
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…
New
|
-
|
CVE-2025-61307
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
- |
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…
New
|
-
|
CVE-2025-61306
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
- |
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
New
|
-
|
CVE-2025-61305
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
8.1 |
HIGH
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p…
Update
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-41654
|
2026-05-12 00:30 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-12 00:26 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug…
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-66170
|
2026-05-12 00:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
7.5 |
HIGH
Network
|
osrg
|
gobgp
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42285
|
2026-05-12 00:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
5.4 |
MEDIUM
Network
|
misp
|
misp
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.
This issue affects MISP before 2.5.37.
A stored cross-si…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-8080
|
2026-05-12 00:21 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
8.0 |
HIGH
Network
|
phoenixcontact
|
fl_mguard_2102_firmware
fl_mguard_2105_firmware
fl_mguard_4102_pci_firmware
fl_mguard_4102_pcie_firmware
fl_mguard_4302_firmware
fl_mguard_4305_firmware
fl_mguard_centerport_firmwar…
|
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
Update
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2024-43384
|
2026-05-12 00:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
