| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8126 | — | Hig | 0.47 | 7.3 | 0.00 | May 8, 2026 | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may… | |
| CVE-2026-6411 | — | Hig | 0.47 | 7.3 | 0.00 | May 7, 2026 | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data… | |
| CVE-2026-7541 | Hig | 0.49 | 7.5 | 0.00 | May 7, 2026 | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled… | ||
| CVE-2026-41105 | Hig | 0.53 | 8.1 | 0.01 | May 7, 2026 | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-40213 | — | Hig | 0.48 | 7.4 | 0.00 | May 7, 2026 | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role… | |
| CVE-2026-35435 | Hig | 0.56 | 8.6 | 0.01 | May 7, 2026 | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-34327 | Hig | 0.53 | 8.2 | 0.01 | May 7, 2026 | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-33111 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-32207 | Hig | 0.57 | 8.8 | 0.01 | May 7, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-26164 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-26129 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-8098 | Hig | 0.47 | 7.3 | 0.00 | May 7, 2026 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2026-42449 | Hig | 0.48 | 8.5 | 0.00 | May 7, 2026 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous… | ||
| CVE-2026-42047 | Hig | 0.56 | 8.6 | 0.00 | May 7, 2026 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host… | ||
| CVE-2026-43510 | Hig | 0.42 | 7.6 | 0.00 | May 7, 2026 | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30. | ||
| CVE-2026-42501 | Hig | 0.42 | 7.5 | 0.00 | May 7, 2026 | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can… | ||
| CVE-2026-42499 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. | ||
| CVE-2026-42239 | — | Hig | 0.46 | 8.1 | 0.00 | May 7, 2026 | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every… | |
| CVE-2026-39836 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | ||
| CVE-2026-39820 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. | ||
| CVE-2026-33814 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | ||
| CVE-2026-33811 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | ||
| CVE-2026-8083 | Hig | 0.47 | 7.3 | 0.00 | May 7, 2026 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made… | ||
| CVE-2026-44742 | Hig | 0.40 | 7.2 | 0.00 | May 7, 2026 | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026. | ||
| CVE-2026-44244 | Hig | 0.44 | 7.8 | 0.00 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines… | ||
| CVE-2026-44243 | Hig | 0.39 | 7.1 | 0.00 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the… | ||
| CVE-2026-42284 | Hig | 0.46 | 8.1 | 0.01 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation… | ||
| CVE-2026-42215 | Hig | 0.50 | 8.8 | 0.01 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass… | ||
| CVE-2026-42214 | Hig | 0.44 | 7.8 | 0.00 | May 7, 2026 | Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains… | ||
| CVE-2026-41906 | Hig | 0.39 | 7.1 | 0.00 | May 7, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts… | ||
| CVE-2026-41905 | Hig | 0.43 | 7.7 | 0.00 | May 7, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final… | ||
| CVE-2026-41904 | Hig | 0.42 | 7.6 | 0.00 | May 7, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every… | ||
| CVE-2026-41653 | Hig | 0.39 | — | 0.00 | May 7, 2026 | BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been… | ||
| CVE-2026-7413 | Hig | 0.47 | 7.2 | 0.01 | May 7, 2026 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary… | ||
| CVE-2026-7821 | Hig | 0.48 | 7.4 | 0.01 | May 7, 2026 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance… | ||
| CVE-2026-6973 | Hig | 0.59 | 7.2 | 0.34 | KEV | May 7, 2026 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | |
| CVE-2026-5788 | Hig | 0.46 | 7.0 | 0.01 | May 7, 2026 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | ||
| CVE-2026-5787 | Hig | 0.58 | 8.9 | 0.01 | May 7, 2026 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. | ||
| CVE-2026-5786 | Hig | 0.57 | 8.8 | 0.01 | May 7, 2026 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | ||
| CVE-2025-65122 | Hig | 0.49 | 7.5 | 0.00 | May 7, 2026 | Regex Denial of Service in youtube-regex npm package through version 1.0.5. | ||
| CVE-2026-44349 | Hig | 0.39 | — | 0.00 | May 7, 2026 | Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?",… | ||
| CVE-2026-42011 | — | Hig | 0.41 | 7.4 | 0.00 | May 7, 2026 | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during… | |
| CVE-2026-41688 | Hig | 0.43 | 7.7 | 0.00 | May 7, 2026 | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP… | ||
| CVE-2026-41654 | Hig | 0.46 | 8.1 | 0.00 | May 7, 2026 | Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/.json… | ||
| CVE-2026-41505 | Hig | 0.50 | 8.7 | 0.00 | May 7, 2026 | RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16. | ||
| CVE-2026-41422 | Hig | 0.47 | 8.3 | 0.00 | May 7, 2026 | Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation. This bypassed all… | ||
| CVE-2025-63705 | — | Hig | 0.57 | 8.8 | 0.01 | May 7, 2026 | NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js. | |
| CVE-2026-41554 | Hig | 0.46 | 7.1 | 0.00 | May 7, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2. | ||
| CVE-2026-41490 | Hig | 0.47 | 8.3 | 0.00 | May 7, 2026 | Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by… | ||
| CVE-2026-30495 | Hig | 0.57 | 8.8 | 0.00 | May 7, 2026 | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally,… |
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may…
- risk 0.47cvss 7.3epss 0.00
This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data…
- risk 0.49cvss 7.5epss 0.00
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled…
- risk 0.53cvss 8.1epss 0.01
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
- risk 0.48cvss 7.4epss 0.00
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role…
- risk 0.56cvss 8.6epss 0.01
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
- risk 0.53cvss 8.2epss 0.01
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.48cvss 8.5epss 0.00
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous…
- risk 0.56cvss 8.6epss 0.00
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host…
- risk 0.42cvss 7.6epss 0.00
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
- risk 0.42cvss 7.5epss 0.00
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can…
- risk 0.42cvss 7.5epss 0.01
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
- risk 0.46cvss 8.1epss 0.00
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every…
- risk 0.42cvss 7.5epss 0.01
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
- risk 0.42cvss 7.5epss 0.01
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
- risk 0.42cvss 7.5epss 0.01
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
- risk 0.42cvss 7.5epss 0.01
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made…
- risk 0.40cvss 7.2epss 0.00
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
- risk 0.44cvss 7.8epss 0.00
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines…
- risk 0.39cvss 7.1epss 0.00
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the…
- risk 0.46cvss 8.1epss 0.01
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation…
- risk 0.50cvss 8.8epss 0.01
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass…
- risk 0.44cvss 7.8epss 0.00
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains…
- risk 0.39cvss 7.1epss 0.00
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts…
- risk 0.43cvss 7.7epss 0.00
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final…
- risk 0.42cvss 7.6epss 0.00
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every…
- risk 0.39cvss —epss 0.00
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been…
- risk 0.47cvss 7.2epss 0.01
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary…
- risk 0.48cvss 7.4epss 0.01
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance…
- risk 0.59cvss 7.2epss 0.34
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
- risk 0.46cvss 7.0epss 0.01
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
- risk 0.58cvss 8.9epss 0.01
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- risk 0.57cvss 8.8epss 0.01
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
- risk 0.49cvss 7.5epss 0.00
Regex Denial of Service in youtube-regex npm package through version 1.0.5.
- risk 0.39cvss —epss 0.00
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?",…
- risk 0.41cvss 7.4epss 0.00
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during…
- risk 0.43cvss 7.7epss 0.00
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP…
- risk 0.46cvss 8.1epss 0.00
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/.json…
- risk 0.50cvss 8.7epss 0.00
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.
- risk 0.47cvss 8.3epss 0.00
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation. This bypassed all…
- risk 0.57cvss 8.8epss 0.01
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.
- risk 0.47cvss 8.3epss 0.00
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by…
- risk 0.57cvss 8.8epss 0.00
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally,…