|
2251
|
3.3 |
LOW
Local
|
-
|
-
|
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe…
|
CWE-22
Path Traversal
|
CVE-2026-41530
|
2026-05-13 00:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2252
|
7.4 |
HIGH
Network
|
-
|
-
|
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41872
|
2026-05-13 00:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2253
|
- |
|
-
|
-
|
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited…
|
CWE-1392
Use of Default Credentials
|
CVE-2026-7428
|
2026-05-13 00:09 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2254
|
8.1 |
HIGH
Network
|
-
|
-
|
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission …
|
CWE-352
Origin Validation Error
|
CVE-2026-38566
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2255
|
9.8 |
CRITICAL
Network
|
-
|
-
|
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c…
|
CWE-89
SQL Injection
|
CVE-2026-38567
|
2026-05-13 00:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2256
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61305
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2257
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61306
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2258
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61307
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2259
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61308
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2260
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61309
|
2026-05-13 00:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
