CVE ID :CVE-2022-50944 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP…
CVE-2021-47949 – CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack
CVE ID :CVE-2021-47949 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute…
CVE-2021-47945 – Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation
CVE ID :CVE-2021-47945 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local…
CVE-2021-47944 – memono Notepad 4.2 Denial of Service via Buffer Overflow
CVE ID :CVE-2021-47944 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by…
CVE-2021-47943 – TextPattern CMS 4.8.7 Remote Code Execution via File Upload
CVE ID :CVE-2021-47943 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands…
CVE-2026-42606 – AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass
CVE ID :CVE-2026-42606 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally…
CVE-2026-42605 – AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload
CVE ID :CVE-2026-42605 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter…
CVE-2026-42601 – ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
CVE ID :CVE-2026-42601 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint…
CVE-2026-42571 – Privilege Escalation Attack affecting Pelican Web UI
CVE ID :CVE-2026-42571 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before…
CVE-2026-42569 – phpvms: /importer authorization bypass causing full database wipe
CVE ID :CVE-2026-42569 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical…