|
2831
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The l…
|
CWE-863
Incorrect Authorization
|
CVE-2026-33489
|
2026-05-9 01:00 |
2026-05-6 |
2832
|
9.8 |
CRITICAL
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server check…
|
CWE-287
Improper Authentication
|
CVE-2026-35579
|
2026-05-9 00:58 |
2026-05-6 |
2833
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
|
CWE-79
Cross-site Scripting
|
CVE-2023-42343
|
2026-05-9 00:58 |
2026-05-8 |
2834
|
7.3 |
HIGH
Network
|
-
|
-
|
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
|
CWE-611
XXE
|
CVE-2023-42344
|
2026-05-9 00:58 |
2026-05-8 |
2835
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.
|
CWE-79
Cross-site Scripting
|
CVE-2023-42345
|
2026-05-9 00:58 |
2026-05-8 |
2836
|
8.7 |
HIGH
Network
|
-
|
-
|
Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41524
|
2026-05-9 00:58 |
2026-05-9 |
2837
|
7.1 |
HIGH
Network
|
-
|
-
|
Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through PHP's nl2br() function, wh…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41576
|
2026-05-9 00:58 |
2026-05-9 |
2838
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malici…
|
CWE-94
Code Injection
|
CVE-2026-41645
|
2026-05-9 00:58 |
2026-05-8 |
2839
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to …
|
CWE-284
Improper Access Control
|
CVE-2026-41646
|
2026-05-9 00:58 |
2026-05-8 |
2840
|
9.8 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…
|
CWE-77
Command Injection
|
CVE-2026-41500
|
2026-05-9 00:54 |
2026-05-8 |