|
2671
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-67886
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2672
|
7.3 |
HIGH
Network
|
-
|
-
|
A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.
|
CWE-94
Code Injection
|
CVE-2024-46507
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2673
|
7.3 |
HIGH
Network
|
-
|
-
|
A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free…
|
CWE-77
Command Injection
|
CVE-2024-45257
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2674
|
6.3 |
MEDIUM
Network
|
-
|
-
|
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[].
|
CWE-89
SQL Injection
|
CVE-2024-33722
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2675
|
7.3 |
HIGH
Network
|
-
|
-
|
Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
|
CWE-89
SQL Injection
|
CVE-2024-33288
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2676
|
- |
|
-
|
-
|
Apache::Session versions through 1.94 for Perl re-creates deleted sessions.
The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not ex…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2013-10075
|
2026-05-9 03:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2677
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject immediate NF_QUEUE verdict
nft_queue is always used from userspace nftables to deliver the NF_QUEUE
…
|
NVD-CWE-noinfo
|
CVE-2026-43024
|
2026-05-9 03:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2678
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gpib: lpvo_usb: fix memory leak on disconnect
The driver iterates over the registered USB interfaces during GPIB
attach and takes…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31760
|
2026-05-9 03:11 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2679
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: gyro: mpu3050: Move iio_device_register() to correct location
iio_device_register() should be at the end of the probe functi…
|
CWE-362
Race Condition
|
CVE-2026-31761
|
2026-05-9 03:11 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2680
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: gyro: mpu3050: Fix irq resource leak
The interrupt handler is setup but only a few lines down if
iio_trigger_register() fail…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31762
|
2026-05-9 03:09 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
