|
5651
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50964
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5652
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50965
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5653
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50966
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5654
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50967
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5655
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50968
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5656
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50969
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5657
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra…
|
CWE-79
Cross-site Scripting
|
CVE-2022-50970
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5658
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41705
|
2026-05-12 23:20 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5659
|
8.0 |
HIGH
Network
|
-
|
-
|
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
|
CWE-78
OS Command
|
CVE-2026-4802
|
2026-05-12 23:20 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5660
|
8.2 |
HIGH
Network
|
-
|
-
|
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44413
|
2026-05-12 23:20 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
