CVE ID: CVE-2026-9141 Published: May 20, 2026, 8:16 p.m. | 4 hours, 5 minutes ago Description: Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the…
CVE-2026-9139 – Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
CVE ID: CVE-2026-9139 Published: May 20, 2026, 8:16 p.m. | 4 hours, 5 minutes ago Description: Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the…
CVE-2026-34463 – MantisBT has Stored HTML Injection/XSS via Clone Issue Form
CVE ID: CVE-2026-34463 Published: May 19, 2026, 10:16 p.m. | 2 hours, 5 minutes ago Description: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored…
CVE-2026-34358 – CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CVE ID: CVE-2026-34358 Published: May 19, 2026, 10:16 p.m. | 2 hours, 5 minutes ago Description: CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control…
CVE-2026-34241 – CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking
CVE ID: CVE-2026-34241 Published: May 19, 2026, 10:16 p.m. | 2 hours, 5 minutes ago Description: CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting…
CVE-2026-34234 – CtrlPanel: Unauthenticated RCE using installer script
CVE ID: CVE-2026-34234 Published: May 19, 2026, 10:16 p.m. | 2 hours, 5 minutes ago Description: CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php)…
CVE-2026-32740 – libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing
CVE ID: CVE-2026-32740 Published: May 19, 2026, 8:16 p.m. | 4 hours, 5 minutes ago Description: libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a…
CVE-2026-8851 – SOGo 5.12.7 SQL Injection via addUserInAcls endpoint
CVE ID: CVE-2026-8851 Published: May 18, 2026, 9:16 p.m. | 3 hours, 5 minutes ago Description: SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated…
CVE-2026-8838 – Remote Code Execution via eval() Injection in amazon-redshift-python-driver
CVE ID: CVE-2026-8838 Published: May 18, 2026, 9:16 p.m. | 3 hours, 5 minutes ago Description: Unsafe use of Python’s eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows…
CVE-2026-27130 – Dokploy has Command Injection in its Service Operations
CVE ID: CVE-2026-27130 Published: May 18, 2026, 9:16 p.m. | 3 hours, 5 minutes ago Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command…