8.2

CVSS4.0

CVE-2026-33589 - Arbitrary File Read via Local File Inclusion (LFI)

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access the contents of local files in the Docker container via path traversal.

📅 Published: May 7, 2026, 10:31 a.m. 🔄 Last Modified: May 7, 2026, 9:24 p.m.

7

CVSS4.0

CVE-2026-33588 - Arbitrary File Write Through Path Traversal

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files in the Docker container via path traversal.

📅 Published: May 7, 2026, 10:28 a.m. 🔄 Last Modified: May 7, 2026, 9:24 p.m.

9.2

CVSS4.0

CVE-2026-33587 - Remote Code Execution (RCE) via Server-Side Template Injection (SSTI)

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) in the Docker container via Server-Side Template Injection (SSTI) in user-created transformations.

📅 Published: May 7, 2026, 10:22 a.m. 🔄 Last Modified: May 7, 2026, 9:24 p.m.

4.3

CVSS3.1

CVE-2026-27415 - WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5.

📅 Published: May 7, 2026, 10:20 a.m. 🔄 Last Modified: May 7, 2026, 9:24 p.m.

8.7

CVSS4.0

CVE-2026-28201 - SurrealDB Injection on Open Notebook

Improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1, allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is …

📅 Published: May 7, 2026, 10:12 a.m. 🔄 Last Modified: May 7, 2026, 9:24 p.m.

6.9

CVSS4.0

CVE-2026-6805 - Vulnerability on Cryptobox external sharing feature

A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

📅 Published: May 7, 2026, 9:45 a.m. 🔄 Last Modified: May 7, 2026, 9:45 a.m.

5.3

CVSS3.1

CVE-2026-27416 - WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.

📅 Published: May 7, 2026, 8:38 a.m. 🔄 Last Modified: May 7, 2026, 8:38 a.m.

8

CVSS3.1

CVE-2024-43384 - Phoenix Contact: Improper removal of sensitive information in MGUARD products

A low-privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

📅 Published: May 7, 2026, 8:37 a.m. 🔄 Last Modified: May 7, 2026, 8:37 a.m.

8.3

CVSS3.1

CVE-2025-1978 - Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual S…

📅 Published: May 7, 2026, 8:05 a.m. 🔄 Last Modified: May 7, 2026, 8:05 a.m.

5.9

CVSS3.1

CVE-2025-62127 - WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0.

📅 Published: May 7, 2026, 7:54 a.m. 🔄 Last Modified: May 7, 2026, 9:25 p.m.