CVE ID: CVE-2026-34463 | Published: May 19, 2026, 10:16 p.m. | Description: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored…
CVE-2026-34358 – CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CVE ID: CVE-2026-34358 | Published: May 19, 2026, 10:16 p.m. | Description: CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control…
CVE-2026-34241 – CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking
CVE ID: CVE-2026-34241 | Published: May 19, 2026, 10:16 p.m. | Description: CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting…
CVE-2026-34234 – CtrlPanel: Unauthenticated RCE using installer script
CVE ID: CVE-2026-34234 | Published: May 19, 2026, 10:16 p.m. | Description: CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php)…
CVE-2026-32740 – libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing
CVE ID: CVE-2026-32740 | Published: May 19, 2026, 8:16 p.m. | Description: libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a…
CVE-2026-8851 – SOGo 5.12.7 SQL Injection via addUserInAcls endpoint
CVE ID: CVE-2026-8851 | Published: May 18, 2026, 9:16 p.m. | Description: SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated…
CVE-2026-8838 – Remote Code Execution via eval() Injection in amazon-redshift-python-driver
CVE ID: CVE-2026-8838 | Published: May 18, 2026, 9:16 p.m. | Description: Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows…
CVE-2026-27130 – Dokploy has Command Injection in its Service Operations
CVE ID: CVE-2026-27130 | Published: May 18, 2026, 9:16 p.m. | Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command…
CVE-2026-26978 – Free PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.php
CVE ID: CVE-2026-26978 | Published: May 18, 2026, 9:16 p.m. | Description: FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does…
CVE-2026-25244 – WebdriverIO has Command Injection in the BrowserStack Service
CVE ID: CVE-2026-25244 | Published: May 18, 2026, 9:16 p.m. | Description: WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and…