|
141
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.
This issue affects Apache Calcite: from 1.5.0 before 1.42.
Users are recommended …
New
|
CWE-470
Unsafe Reflection
|
CVE-2026-46718
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-45729
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
8.2 |
HIGH
Network
|
-
|
-
|
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-45302
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
- |
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44593
|
2026-06-3 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.
Package keys read from build/packages/packages.t…
New
|
CWE-22
Path Traversal
|
CVE-2026-43965
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
- |
|
-
|
-
|
Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball.
The file collection helpers (gleam_files, native_…
New
|
CWE-59
Link Following
|
CVE-2026-42795
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Fi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42670
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when app…
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-42015
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42013
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42012
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
