|
811
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM…
New
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24120
|
2026-05-5 10:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
5.4 |
MEDIUM
Network
|
wolterskluwer
|
lex_baza_dokumentow
|
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely
processes the parameter on the client side, allowing an attacker to execute arbitrary
JavaScript …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-1493
|
2026-05-5 09:30 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
7.5 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2024.3.7.1,
2025.1.7.1,
2025.2.6.2,
2025.3.4.1,
2026.1.1 reading arbitrary local files was possible via built-in web server
Update
|
CWE-59
Link Following
|
CVE-2026-41882
|
2026-05-5 09:24 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
7.8 |
HIGH
Local
|
ibm
|
turbonomic_prometurbo_agent
|
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An a…
Update
|
CWE-269
NVD-CWE-noinfo
Improper Privilege Management
|
CVE-2026-6389
|
2026-05-5 09:17 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_documen…
New
|
CWE-22
Path Traversal
|
CVE-2026-7788
|
2026-05-5 09:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7785
|
2026-05-5 09:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipula…
New
|
CWE-22
Path Traversal
|
CVE-2026-7784
|
2026-05-5 09:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7783
|
2026-05-5 09:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
8.8 |
HIGH
Network
|
dbitnet
|
dbit_n300_t1_pro_firmware
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanism…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-36956
|
2026-05-5 09:09 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
3.7 |
LOW
Network
|
-
|
-
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
New
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-5 08:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
