VulDB Recent Entries

ID: bd792610-a3c7-59a2-93c3-43e6a913f4d3

STIX ID: identity--bd792610-a3c7-59a2-93c3-43e6a913f4d3

Feed Type: rss

Earliest post: 2026-05-10

Recent Entries

Exclude posts that do not describe a security incident

Classification

Min Pub Date

01/01/2020

Max Pub Date

05/29/2026

Title	Date Published ↓	Describes Incident	Author	Visible
CVE-2026-48527 \| haxtheweb haxcms-nodejs/haxcms-php up to 26.0.0 Attribute Name /system/api/saveNode cross site scripting	2026-05-29	True	vuldb.com	True
CVE-2026-9509 \| Suprema BioStar 2 2.9.8/2.9.10/2.9.11 /api/migration uncaught exception	2026-05-29	True	vuldb.com	True
CVE-2026-49324 \| Indian Motorcycle Scout Bobber and Tech 2025 Wireless Control resource consumption	2026-05-29	True	vuldb.com	True
CVE-2026-49323 \| Indian Motorcycle Scout Bobber and Tech 2025 Wireless Control weak authentication	2026-05-29	True	vuldb.com	True
CVE-2026-45312 \| infiniflow RAGFlow up to 0.24.0 rag/prompts/generator.py special elements used in a template engine	2026-05-29	True	vuldb.com	True
CVE-2026-45043 \| RustFS up to 1.0.0-beta.1 Endpoint import-iam privileges management	2026-05-29	True	vuldb.com	True
CVE-2026-9508 \| Suprema BioStar 2 up to 2.9.11 ZIP File permission assignment	2026-05-29	True	vuldb.com	True
CVE-2026-8326 \| Remote Spark SparkView 1127 path traversal	2026-05-29	True	vuldb.com	True
CVE-2026-45551 \| Intermesh groupoffice up to 6.8.164/25.0.1004/26.0.24 Email saveSetting email_font_size cross site scripting	2026-05-29	True	vuldb.com	True
CVE-2026-9811 \| Mautic up to 7.1.1 Project Selector cross site scripting (GHSA-5hvg-w58j-545m / WID-SEC-2026-1724)	2026-05-29	True	vuldb.com	True
CVE-2026-9809 \| Mautic up to 7.1.1 Projects cross site scripting (GHSA-7h65-whp7-rgqf / WID-SEC-2026-1724)	2026-05-29	True	vuldb.com	True
CVE-2025-41280 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 File Compression path traversal	2026-05-29	True	vuldb.com	True
CVE-2025-41279 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Administration WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2025-41277 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2025-41276 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2025-41275 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2025-41272 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2025-41270 \| Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection	2026-05-29	True	vuldb.com	True
CVE-2026-10070 \| macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ improper authorization (Issue 970)	2026-05-29	True	vuldb.com	True
CVE-2026-10069 \| Shibby Tomato 1.28 usr/sbin/miniupnpd resource consumption	2026-05-29	True	vuldb.com	True
CVE-2026-10068 \| Shibby Tomato 1.28 SUBSCRIBE Call usr/sbin/miniupnpd send server-side request forgery	2026-05-29	True	vuldb.com	True
CVE-2026-10066 \| Shibby Tomato up to 1.28 UPS Service tomatoups.cgi sub_9068 stack-based overflow	2026-05-29	True	vuldb.com	True
CVE-2026-10065 \| Shibby Tomato 1.28 tomatodata.cgi get_ups_field Date stack-based overflow	2026-05-29	True	vuldb.com	True
CVE-2026-10064 \| TRENDnet TEW-432BRP 3.10B20 /goform/formSetPortTr special_name stack-based overflow	2026-05-29	True	vuldb.com	True
CVE-2026-10063 \| TRENDnet TEW-432BRP 3.10B20 /goform/formWPS peerPin stack-based overflow	2026-05-29	True	vuldb.com	True
CVE-2026-10062 \| TRENDnet TEW-432BRP 3.10B20 /goform/formSetRoute ip/mask/gateway stack-based overflow	2026-05-29	True	vuldb.com	True
CVE-2026-10061 \| TRENDnet TEW-432BRP 3.10B20 /goform/formWPS peerPin command injection	2026-05-29	True	vuldb.com	True
CVE-2026-10060 \| TRENDnet TEW-432BRP 3.10B20 /goform/formSetRoute ip/mask/gateway command injection	2026-05-29	True	vuldb.com	True
CVE-2026-45343 \| Kovah LinkAce up to 2.5.5 SSO/OAuth cross site scripting (GHSA-jx4g-ph82-x9mm)	2026-05-29	True	vuldb.com	True
CVE-2026-48116 \| Mintplex-Labs anything-llm up to 1.12.x command injection (GHSA-6hrp-7mw6-8v59)	2026-05-29	True	vuldb.com	True
CVE-2026-6891 \| Canon My Image Garden up to 3.6.8 on macOS link following	2026-05-29	True	vuldb.com	True
CVE-2026-45366 \| universal-tool-calling-protocol typescript-utcp up to 1.1.1 registerManual server-side request forgery (GHSA-r8j5-8747-88cm)	2026-05-29	True	vuldb.com	True
CVE-2026-44848 \| portainer Community Edition up to 2.33.7/2.39.1/2.40.x /plugins/ authorization (GHSA-rrmm-9v76-h3p4)	2026-05-29	True	vuldb.com	True
CVE-2026-9243 \| posimyththemes The Plus Addons for Elementor Plugin up to 6.4.15 on WordPress Carousel Anything Widget carousel_direction cross site scripting (EUVD-2026-33254)	2026-05-29	True	vuldb.com	True
CVE-2025-11262 \| linkwhspr Link Whisper Free Plugin up to 0.9.0 on WordPress user_id cross site scripting (EUVD-2025-209983)	2026-05-29	True	vuldb.com	True
CVE-2026-44883 \| portainer Community Edition up to 2.33.7/2.39.1/2.40.x get request method with sensitive query strings (GHSA-jvp4-q659-95mj)	2026-05-29	True	vuldb.com	True
CVE-2026-44882 \| portainer Community Edition up to 2.33.7 authorization (GHSA-mgq6-4x29-88r3)	2026-05-29	True	vuldb.com	True
CVE-2026-9714 \| creaweb2b Simple Divi Shortcode Plugin up to 1.2 on WordPress showmodule_shortcode ID cross site scripting (EUVD-2026-33252)	2026-05-29	True	vuldb.com	True
CVE-2026-44881 \| portainer Community Edition up to 2.33.7/2.39.1/2.40.x /api/stacks/{id}/file link following (GHSA-rpgq-m5fp-32wr)	2026-05-29	True	vuldb.com	True
CVE-2026-8732 \| flippercode WP Maps Pro Plugin up to 6.0.4 on WordPress Javascript Object wpgmp_temp_access_ajax nonce missing authentication (EUVD-2026-33251)	2026-05-29	True	vuldb.com	True
CVE-2026-6275 \| statcounter StatCounter Plugin up to 2.1.1 on WordPress statcounter_addToTags cross site scripting (EUVD-2026-33250)	2026-05-29	True	vuldb.com	True
CVE-2026-49322 \| Indian Motorcycle Scout Bobber and Tech 2025 Wireless Control weak authentication (EUVD-2026-33257)	2026-05-29	True	vuldb.com	True
CVE-2026-47713 \| Mintplex-Labs anything-llm up to 1.12.x improper authorization (GHSA-h349-hp2v-8rhw)	2026-05-29	True	vuldb.com	True
CVE-2026-45344 \| Kovah LinkAce up to 2.5.5 Mail Configuration injection (GHSA-37m5-936h-w455)	2026-05-29	True	vuldb.com	True
CVE-2026-3655 \| glboy OTP Login With Phone Number OTP Verification Plugin AJAX lwp_ajax_register improper authentication (EUVD-2026-33255)	2026-05-29	True	vuldb.com	True
CVE-2026-44885 \| portainer Community Edition up to 2.33.7 api/archive/targz.go path traversal (GHSA-m8fg-67j7-cx4v)	2026-05-29	True	vuldb.com	True
CVE-2026-44884 \| portainer Community Edition up to 2.33.7/2.39.0 Custom Template File Endpoint file authorization (GHSA-cqpq-2fgr-8mvc)	2026-05-29	True	vuldb.com	True
CVE-2026-44849 \| portainer Community Edition up to 2.33.7/2.39.1/2.40.x Docker Swarm Service API authorization (GHSA-5fxq-qcf3-244w)	2026-05-29	True	vuldb.com	True
CVE-2026-39929 \| Lakeside SysTrack Agent prior 11.2.1.28/11.3.0.38/11.4.0.24/11.5.0.15 out-of-bounds	2026-05-29	True	vuldb.com	True
CVE-2026-45410 \| mauriceboe TREK up to 3.0.17 Email Address information exposure (GHSA-3552-3c98-x79r)	2026-05-29	True	vuldb.com	True