Recent vulnerabilities
| ID | Severity: CVSS score (CVSS version) | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-w9xh-5f39-vq89 | 8.2 (3.1) | phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration | 2026-05-20T15:46:55Z | 2026-05-20T15:46:55Z |
| ghsa-gp95-j463-vv28 | 7.5 (3.1) | phpMyFAQ: Default Empty API Token Authentication Bypass | 2026-05-20T15:46:42Z | 2026-05-20T15:46:42Z |
| ghsa-xvp4-phqj-cjr3 | 8.8 (3.1) | phpMyFAQ: IDOR Account Takeover | 2026-05-20T15:46:17Z | 2026-05-20T15:46:17Z |
| ghsa-9qv9-8xv6-5p35 | 8.2 (3.1) | phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Chang… | 2026-05-20T15:45:53Z | 2026-05-20T15:45:53Z |
| ghsa-c2c9-mfw7-p8hw | 5.3 (4.0) | Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected … | 2026-05-20T15:45:19Z | 2026-05-20T15:45:19Z |
| ghsa-59fh-9f3p-7m39 | 6.0 (4.0) | Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash a… | 2026-05-20T15:44:40Z | 2026-05-20T15:44:40Z |
| ghsa-m837-xvxr-vqwg | 6.9 (4.0) | Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage | 2026-05-20T15:38:02Z | 2026-05-20T15:38:02Z |
| ghsa-mw8f-w6p8-xrf4 | 8.5 (3.1) | wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None | 2026-05-20T15:37:26Z | 2026-05-20T15:37:26Z |
| ghsa-pxh5-6rrc-8rjv | 3.1 (3.1) | OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-contro… | 2026-05-20T15:35:45Z | 2026-05-20T15:35:45Z |
| ghsa-cpwg-526g-9gc5 | 5.9 (3.1) | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessiv… | 2026-05-20T15:35:34Z | 2026-05-20T15:35:34Z |
| ghsa-f7rp-9ghh-f4gm | 8.1 (3.1) | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ov… | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-cqgq-ff3f-rj7r | 7.5 (3.1) | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS … | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-6mm6-m775-chpm | 7.5 (3.1) | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BI… | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-4mj8-945c-q57m | 7.8 (3.1) | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-2qq9-gw9m-g2rg | 6.5 (3.1) | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain c… | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-2pjm-rchf-gxmp | 5.3 (3.1) | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-serve… | 2026-05-20T15:35:33Z | 2026-05-20T15:35:33Z |
| ghsa-hx33-9q48-6r26 | 5.0 (3.1) | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template… | 2026-05-20T15:35:32Z | 2026-05-20T15:35:32Z |
| ghsa-8gp3-pghr-6wxp | 4.0 (3.1) | Microsoft Defender Denial of Service Vulnerability | 2026-05-20T15:35:32Z | 2026-05-20T15:35:32Z |
| ghsa-33pm-33cg-5576 | 7.8 (3.1) | Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center… | 2026-05-20T15:35:32Z | 2026-05-20T15:35:32Z |
| ghsa-p65f-mhrm-vhrc | 7.5 (3.1) | BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable… | 2026-05-20T15:35:31Z | 2026-05-20T15:35:31Z |
| ghsa-h776-j9jw-992p | 7.8 (3.1) | Improper link resolution before file access ('link following') in Microsoft Defender allows an auth… | 2026-05-20T15:35:31Z | 2026-05-20T15:35:31Z |
| ghsa-g9v3-4rrx-2w2w | 7.6 (3.1) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability … | 2026-05-20T15:35:31Z | 2026-05-20T15:35:31Z |
| ghsa-8v2c-7qqj-7wp7 | 7.4 (3.1) | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects … | 2026-05-20T15:35:31Z | 2026-05-20T15:35:31Z |
| ghsa-v254-7qjr-r9fr | 6.5 (3.1) | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Co… | 2026-05-20T15:35:30Z | 2026-05-20T15:35:30Z |
| ghsa-pfv9-gp3h-73xv | 7.0 (3.1); 7.3 (4.0) | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemo… | 2026-05-20T15:35:30Z | 2026-05-20T15:35:30Z |
| ghsa-6vcv-q8rq-gc32 | 4.3 (3.1) | Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploit… | 2026-05-20T15:35:30Z | 2026-05-20T15:35:30Z |
| ghsa-63mj-2fw3-4w3h | 5.3 (3.1) | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim … | 2026-05-20T15:35:30Z | 2026-05-20T15:35:31Z |
| ghsa-vxj4-gq73-gm2c | 8.0 (3.1) | Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. … | 2026-05-20T15:35:29Z | 2026-05-20T15:35:29Z |
| ghsa-vx3g-ch3r-7568 | 6.5 (3.1) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2026-05-20T15:35:29Z | 2026-05-20T15:35:29Z |
| ghsa-468c-vq7p-gh64 | 8.2 (4.0) | Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service | 2026-05-20T15:35:13Z | 2026-05-20T15:35:13Z |