Common Vulnerabilities and Exposures (CVE)

CVE-2026-30567

May 10, 2026 13:53:41 UTC

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to i...

CVE-2026-29934

May 10, 2026 13:53:08 UTC

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser by modifying the Referer value in the request header.

CVE-2026-28838

May 10, 2026 13:52:14 UTC

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.

CVE-2026-28833

May 10, 2026 13:51:50 UTC

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.

CVE-2026-28863

May 10, 2026 13:51:27 UTC

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

CVE-2025-13702

May 10, 2026 13:50:08 UTC

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...

CVE-2026-21671

May 10, 2026 13:48:38 UTC

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

CVE-2026-21669

May 10, 2026 13:34:10 UTC

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

CVE-2026-21668

May 10, 2026 13:33:44 UTC

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

CVE-2026-22723

May 10, 2026 13:31:44 UTC

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

CVE-2026-20797

May 10, 2026 13:30:10 UTC

A stack-based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

CVE-2026-2914

May 10, 2026 13:28:59 UTC

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs.

CVE-2026-21725

May 10, 2026 13:25:12 UTC

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin ...

CVE-2025-37166

May 10, 2026 13:24:33 UTC

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A ...

CVE-2025-70041

May 10, 2026 13:23:47 UTC

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.