|
3241
|
8.1 |
HIGH
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-41654
|
2026-05-12 00:30 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3242
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-12 00:26 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3243
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug…
|
CWE-863
Incorrect Authorization
|
CVE-2025-66170
|
2026-05-12 00:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3244
|
7.5 |
HIGH
Network
|
osrg
|
gobgp
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42285
|
2026-05-12 00:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3245
|
5.4 |
MEDIUM
Network
|
misp
|
misp
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.
This issue affects MISP before 2.5.37.
A stored cross-si…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8080
|
2026-05-12 00:21 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3246
|
8.0 |
HIGH
Network
|
phoenixcontact
|
fl_mguard_2102_firmware
fl_mguard_2105_firmware
fl_mguard_4102_pci_firmware
fl_mguard_4102_pcie_firmware
fl_mguard_4302_firmware
fl_mguard_4305_firmware
fl_mguard_centerport_firmwar…
|
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2024-43384
|
2026-05-12 00:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3247
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.…
|
NVD-CWE-noinfo
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-8091
|
2026-05-12 00:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3248
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-8092
|
2026-05-12 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3249
|
7.5 |
HIGH
Network
|
google
|
android
|
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
|
NVD-CWE-noinfo
|
CVE-2025-71251
|
2026-05-12 00:13 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3250
|
7.5 |
HIGH
Network
|
google
|
android
|
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
|
NVD-CWE-noinfo
|
CVE-2025-71252
|
2026-05-12 00:13 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
