CVE-2026-41149 — Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …
Injection
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-23663 — Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-42901 — Microsoft Entra ID Elevation of Privilege Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41104 — Microsoft Planetary Computer Pro Information Disclosure Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-45659 — Microsoft SharePoint Remote Code Execution Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41148 — Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …
Injection
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-33843 — Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-47280 — Azure Resource Manager Elevation of Privilege Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-40411 — Azure Virtual Network Gateway Remote Code Execution Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-35430 — Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-23652 — Microsoft Power Pages Remote Code Execution Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-40412 — Azure Orbital Spatio Remote Code Execution Vulnerability
None
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41147 — NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input saniti…
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req…
Cross-Site Scripting
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations…
Authentication
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41075 — RT: SQL injection via entry_aggregator parameter in JSON search
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i…
Injection
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41074 — RT has broken CSRF protection for authenticated users
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in…
Cross-Site Request Forgery
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026
CVE-2026-41073 — RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and simi…
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled …
Injection
May 22, 2026
May 22, 2026
May 22, 2026
May 22, 2026