|
3301
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.…
|
CWE-22
Path Traversal
|
CVE-2026-39352
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3302
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package t…
|
CWE-22
Path Traversal
|
CVE-2026-39405
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3303
|
7.4 |
HIGH
Network
|
-
|
-
|
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls ext…
|
CWE-20
CWE-98
Improper Input Validation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39850
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3304
|
8.6 |
HIGH
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-39310
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3305
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-39311
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3306
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9102
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3307
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesys…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-9129
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3308
|
7.7 |
HIGH
Network
|
-
|
-
|
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint migh…
|
CWE-489
Exposure of Data Element to Wrong Session
|
CVE-2026-9133
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3309
|
8.7 |
HIGH
Network
|
-
|
-
|
authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Inject…
|
CWE-91
CWE-287
CWE-436
Blind XPath Injection
Improper Authentication
Interpretation Conflict
|
CVE-2026-40165
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3310
|
- |
|
-
|
-
|
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of …
|
CWE-306
CWE-639
Missing Authentication for Critical Function
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9152
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
