|
1941
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI l…
|
CWE-862
Missing Authorization
|
CVE-2026-41658
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1942
|
4.5 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allow…
|
CWE-22
Path Traversal
|
CVE-2026-41656
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1943
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a mal…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-41643
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1944
|
7.2 |
HIGH
Network
|
-
|
-
|
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL …
|
CWE-89
CWE-284
SQL Injection
Improper Access Control
|
CVE-2026-41641
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1945
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41587
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1946
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts u…
|
CWE-22
Path Traversal
|
CVE-2026-41203
|
2026-05-8 00:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1947
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted fro…
|
CWE-126
Buffer Over-read
|
CVE-2026-37532
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1948
|
7.8 |
HIGH
Local
|
-
|
-
|
AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitl…
|
CWE-269
Improper Privilege Management
|
CVE-2026-37525
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1949
|
7.8 |
HIGH
Local
|
-
|
-
|
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authenticatio…
|
CWE-284
Improper Access Control
|
CVE-2026-37526
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1950
|
9.8 |
CRITICAL
Network
|
-
|
-
|
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu…
|
CWE-22
CWE-367
Path Traversal
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-37531
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
