|
5031
|
9.6 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/publ…
|
CWE-287
CWE-304
Improper Authentication
Missing Critical Step in Authentication
|
CVE-2026-44547
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5032
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs f…
|
CWE-284
Improper Access Control
|
CVE-2026-44352
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5033
|
8.1 |
HIGH
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44260
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5034
|
4.6 |
MEDIUM
Network
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade…
|
CWE-80
Basic XSS
|
CVE-2026-44259
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5035
|
3.7 |
LOW
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44242
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5036
|
7.5 |
HIGH
Network
|
-
|
-
|
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeForma…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44241
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5037
|
6.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exp…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-44113
|
2026-05-14 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5038
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user …
|
CWE-479
|
CVE-2026-44011
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5039
|
- |
|
-
|
-
|
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filteri…
|
CWE-862
Missing Authorization
|
CVE-2026-44010
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5040
|
9.9 |
CRITICAL
Network
|
-
|
-
|
wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object …
|
CWE-863
Incorrect Authorization
|
CVE-2026-43948
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
