|
4691
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted re…
|
CWE-862
Missing Authorization
|
CVE-2026-8407
|
2026-05-14 01:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4692
|
7.2 |
HIGH
Network
|
-
|
-
|
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to
execute arbitrary commands via a specific interface,
potentially enabling the attacker to acc…
|
CWE-89
SQL Injection
|
CVE-2026-6888
|
2026-05-14 01:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4693
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v…
|
CWE-862
Missing Authorization
|
CVE-2026-5146
|
2026-05-14 01:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4694
|
8.1 |
HIGH
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDele…
|
CWE-352
CWE-650
Origin Validation Error
Trusting HTTP Permission Methods on the Server Side
|
CVE-2026-44548
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4695
|
9.6 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/publ…
|
CWE-287
CWE-304
Improper Authentication
Missing Critical Step in Authentication
|
CVE-2026-44547
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4696
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs f…
|
CWE-284
Improper Access Control
|
CVE-2026-44352
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4697
|
8.1 |
HIGH
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44260
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4698
|
4.6 |
MEDIUM
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade…
|
CWE-80
Basic XSS
|
CVE-2026-44259
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4699
|
3.7 |
LOW
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44242
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4700
|
7.5 |
HIGH
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeForma…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44241
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
