|
4681
|
7.0 |
HIGH
Local
|
-
|
-
|
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.
The session manager performed unsafe deserialization of session-file contents (using Python's standard object-seria…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7818
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4682
|
8.1 |
HIGH
Network
|
-
|
-
|
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.
check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent k…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-7819
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4683
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.
pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-7820
|
2026-05-14 00:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4684
|
- |
|
-
|
-
|
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.
|
-
|
CVE-2026-21019
|
2026-05-14 00:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4685
|
- |
|
-
|
-
|
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
|
-
|
CVE-2026-21024
|
2026-05-14 00:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4686
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8235
|
2026-05-14 00:33 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4687
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update H…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-8210
|
2026-05-14 00:32 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4688
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JS…
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-8211
|
2026-05-14 00:32 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4689
|
3.5 |
LOW
Adjacent
|
-
|
-
|
A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The ma…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8232
|
2026-05-14 00:32 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4690
|
4.6 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-8233
|
2026-05-14 00:32 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
