|
5681
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42796
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5682
|
7.1 |
HIGH
Local
|
-
|
-
|
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
|
CWE-23
Relative Path Traversal
|
CVE-2026-43616
|
2026-05-6 04:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5683
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated rem…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-32834
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5684
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41471
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5685
|
7.5 |
HIGH
Network
|
-
|
-
|
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fiel…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-25863
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5686
|
7.7 |
HIGH
Network
|
-
|
-
|
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-43824
|
2026-05-6 04:47 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5687
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2025-70069
|
2026-05-6 04:47 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5688
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70070
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5689
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70072
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5690
|
5.9 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2025-70071
|
2026-05-6 04:47 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
