|
521
|
8.1 |
HIGH
Network
|
-
|
-
|
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands…
New
|
CWE-78
OS Command
|
CVE-2022-50994
|
2026-05-9 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
522
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access …
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41928
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
523
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41929
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
524
|
8.6 |
HIGH
Network
|
-
|
-
|
The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per…
New
|
CWE-89
SQL Injection
|
CVE-2026-4935
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
525
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
New
|
CWE-138
Improper Neutralization of Special Elements
|
CVE-2026-26129
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
526
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
New
|
CWE-74
Injection
|
CVE-2026-26164
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
527
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-32207
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
528
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
New
|
CWE-284
Improper Access Control
|
CVE-2026-33109
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
529
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
New
|
CWE-77
Command Injection
|
CVE-2026-33111
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
530
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
New
|
CWE-285
Improper Authorization
|
CVE-2026-33823
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
