|
2481
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation caus…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8273
|
2026-05-12 01:17 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2482
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8217
|
2026-05-12 01:17 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2483
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec…
|
-
|
CVE-2025-63750
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2484
|
8.1 |
HIGH
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-41654
|
2026-05-12 00:30 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2485
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-12 00:26 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2486
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug…
|
CWE-863
Incorrect Authorization
|
CVE-2025-66170
|
2026-05-12 00:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2487
|
7.5 |
HIGH
Network
|
osrg
|
gobgp
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42285
|
2026-05-12 00:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2488
|
5.4 |
MEDIUM
Network
|
misp
|
misp
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.
This issue affects MISP before 2.5.37.
A stored cross-si…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8080
|
2026-05-12 00:21 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2489
|
8.0 |
HIGH
Network
|
phoenixcontact
|
fl_mguard_2102_firmware
fl_mguard_2105_firmware
fl_mguard_4102_pci_firmware
fl_mguard_4102_pcie_firmware
fl_mguard_4302_firmware
fl_mguard_4305_firmware
fl_mguard_centerport_firmwar…
|
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2024-43384
|
2026-05-12 00:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2490
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.…
|
NVD-CWE-noinfo
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-8091
|
2026-05-12 00:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
