| 21 | 6.5 | MEDIUM Network | - | - | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. … | New | CWE-862 Missing Authorization | CVE-2026-6706 | 2026-05-1 03:16 | 2026-04-28 |
| 22 | 6.5 | MEDIUM Network | - | - | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constrai… | New | CWE-178 Improper Handling of Case Sensitivity | CVE-2026-3833 | 2026-05-1 03:16 | 2026-05-1 |
| 23 | 3.7 | LOW Network | - | - | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a lo… | New | CWE-179 Incorrect Behavior Order: Early Validation | CVE-2026-3832 | 2026-05-1 03:16 | 2026-05-1 |
| 24 | 6.1 | MEDIUM Network | - | - | Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component | New | CWE-79 Cross-site Scripting | CVE-2026-38940 | 2026-05-1 03:16 | 2026-05-1 |
| 25 | 6.1 | MEDIUM Network | - | - | Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component | New | CWE-79 Cross-site Scripting | CVE-2026-38939 | 2026-05-1 03:16 | 2026-05-1 |
| 26 | 10.0 | CRITICAL Network | - | - | A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any writeable path via a crafted POST request. | New | CWE-22 Path Traversal | CVE-2026-36767 | 2026-05-1 03:16 | 2026-05-1 |
| 27 | - | | - | - | Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting … | New | - | CVE-2026-36766 | 2026-05-1 03:16 | 2026-05-1 |
| 28 | - | | - | - | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | New | - | CVE-2026-36765 | 2026-05-1 03:16 | 2026-05-1 |
| 29 | 5.0 | MEDIUM Network | - | - | A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request. | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-36764 | 2026-05-1 03:16 | 2026-05-1 |
| 30 | 6.1 | MEDIUM Network | - | - | A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted… | New | CWE-79 Cross-site Scripting | CVE-2026-36763 | 2026-05-1 03:16 | 2026-05-1 |