CVE ID :CVE-2021-47944 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by…
CVE-2021-47943 – TextPattern CMS 4.8.7 Remote Code Execution via File Upload
CVE ID :CVE-2021-47943 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands…
CVE-2026-42606 – AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass
CVE ID :CVE-2026-42606 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally…
CVE-2026-42605 – AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload
CVE ID :CVE-2026-42605 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter…
CVE-2026-42601 – ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
CVE ID :CVE-2026-42601 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint…
CVE-2026-42571 – Privilege Escalation Attack affecting Pelican Web UI
CVE ID :CVE-2026-42571 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before…
CVE-2026-42569 – phpvms: /importer authorization bypass causing full database wipe
CVE ID :CVE-2026-42569 Published : May 9, 2026, 8:16 p.m. | 4 hours, 6 minutes ago Description :phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical…
CVE-2026-42556 – Postiz stored XSS in public preview page
CVE ID :CVE-2026-42556 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated…
CVE-2026-42454 – Termix: OS Command Injection in Docker Container Management Endpoints
CVE ID :CVE-2026-42454 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to…
CVE-2026-42453 – Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
CVE ID :CVE-2026-42453 Published : May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago Description :Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to…