|
5501
|
- |
|
-
|
-
|
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5790
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5502
|
- |
|
-
|
-
|
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated at…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5798
|
2026-05-15 01:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5503
|
9.9 |
CRITICAL
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permi…
|
CWE-862
Missing Authorization
|
CVE-2026-44442
|
2026-05-15 01:45 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5504
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including
the members list (user IDs, e-mails, roles), settings, and device cou…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44426
|
2026-05-15 01:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5505
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34088
|
2026-05-15 01:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5506
|
7.5 |
HIGH
Network
|
mediawiki
|
checkuser
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.
This issue affects CheckUser: from 1.45.0 before 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34090
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5507
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34091
|
2026-05-15 01:42 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5508
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Skin/Skin.Php.
This issue…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-34092
|
2026-05-15 01:41 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5509
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on …
|
CWE-22
Path Traversal
|
CVE-2026-44440
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5510
|
5.0 |
MEDIUM
Network
|
-
|
-
|
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44441
|
2026-05-15 01:29 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
