|
4901
|
2.4 |
LOW
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-8136
|
2026-05-9 00:41 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4902
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation resul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8112
|
2026-05-9 00:39 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4903
|
- |
|
-
|
-
|
A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.
This vulnerability is associated with program files gcm128w, gcm512w.
This issue affects BC-FJ…
|
CWE-1068
Inconsistency Between Implementation and Documented Design
|
CVE-2026-8149
|
2026-05-9 00:38 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4904
|
- |
|
-
|
-
|
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule…
|
CWE-277
Insecure Inherited Permissions
|
CVE-2026-7891
|
2026-05-9 00:37 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4905
|
3.3 |
LOW
Local
|
-
|
-
|
Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg…
|
CWE-778
Insufficient Logging
|
CVE-2026-32803
|
2026-05-9 00:36 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4906
|
- |
|
-
|
-
|
An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '
…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-3508
|
2026-05-9 00:34 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4907
|
- |
|
-
|
-
|
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touc…
|
CWE-782
Exposed IOCTL with Insufficient Access Control
|
CVE-2026-6737
|
2026-05-9 00:34 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4908
|
- |
|
-
|
-
|
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. …
|
CWE-22
CWE-269
CWE-284
CWE-732
Path Traversal
Improper Privilege Management
Improper Access Control
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8069
|
2026-05-9 00:34 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4909
|
- |
|
-
|
-
|
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and inte…
|
CWE-89
SQL Injection
|
CVE-2026-44349
|
2026-05-9 00:17 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4910
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filte…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41906
|
2026-05-9 00:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
