|
6371
|
6.9 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46361
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6372
|
6.5 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att…
|
CWE-863
Incorrect Authorization
|
CVE-2026-46362
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6373
|
5.4 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authent…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46363
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6374
|
9.8 |
CRITICAL
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h…
|
CWE-89
SQL Injection
|
CVE-2026-46364
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6375
|
5.4 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl…
|
CWE-862
Missing Authorization
|
CVE-2026-46365
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6376
|
7.5 |
HIGH
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted …
|
CWE-863
Incorrect Authorization
|
CVE-2026-46366
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6377
|
7.6 |
HIGH
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46367
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6378
|
6.1 |
MEDIUM
Network
|
siemens
|
teamcenter
|
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All …
|
CWE-79
Cross-site Scripting
|
CVE-2026-33862
|
2026-05-19 02:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6379
|
4.3 |
MEDIUM
Network
|
dovecot
open-xchange
|
dovecot
|
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42006
|
2026-05-19 02:22 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6380
|
8.8 |
HIGH
Network
|
fortinet
|
fortindr
|
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions…
|
CWE-89
SQL Injection
|
CVE-2026-25088
|
2026-05-19 02:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
