| 471 | - | | - | - | Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Clou… | New | CWE-228 (Improper Handling of Syntactically Invalid Structure) | CVE-2026-42100 | 2026-05-19 23:45 | 2026-05-19 |
| 472 | 3.9 | LOW Local | - | - | FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app… | New | CWE-79 (Cross-site Scripting) | CVE-2026-27964 | 2026-05-19 23:44 | 2026-05-19 |
| 473 | 6.5 | MEDIUM Network | - | - | FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta… | New | CWE-200 CWE-212 (Information Exposure; Improper Removal of Sensitive Information Before Storage or Transfer) | CVE-2026-27892 | 2026-05-19 23:44 | 2026-05-19 |
| 474 | 5.3 | MEDIUM Network | - | - | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv… | New | CWE-200 CWE-524 CWE-672 (Information Exposure; Use of Cache Containing Sensitive Information; Operation on a Resource after Expiration or Release) | CVE-2026-32244 | 2026-05-19 23:44 | 2026-05-19 |
| 475 | - | | - | - | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature… | New | CWE-862 (Missing Authorization) | CVE-2026-33514 | 2026-05-19 23:44 | 2026-05-19 |
| 476 | 10.0 | CRITICAL Network | - | - | HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem… | New | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-43633 | 2026-05-19 23:43 | 2026-05-19 |
| 477 | 6.5 | MEDIUM Network | vercel | turborepo | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l… | Update | CWE-352 CWE-384 (Origin Validation Error; Session Fixation) | CVE-2026-45773 | 2026-05-19 23:41 | 2026-05-16 |
| 478 | 9.8 | CRITICAL Network | vercel | turborepo | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi… | Update | CWE-426 (Untrusted Search Path) | CVE-2026-45772 | 2026-05-19 23:41 | 2026-05-16 |
| 479 | 7.5 | HIGH Network | ws_project | ws | ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the… | Update | CWE-908 (Use of Uninitialized Resource) | CVE-2026-45736 | 2026-05-19 23:39 | 2026-05-16 |
| 480 | 7.5 | HIGH Network | - | - | The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like… | New | - | CVE-2025-15609 | 2026-05-19 23:38 | 2026-05-19 |