|
1201
|
7.5 |
HIGH
Network
|
-
|
-
|
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45047
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1202
|
8.8 |
HIGH
Network
|
-
|
-
|
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu…
|
CWE-89
SQL Injection
|
CVE-2026-44521
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1203
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-44451
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1204
|
- |
|
-
|
-
|
Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien…
|
CWE-20
Improper Input Validation
|
CVE-2026-42553
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1205
|
6.2 |
MEDIUM
Local
|
-
|
-
|
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on …
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-42328
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1206
|
7.8 |
HIGH
Local
|
-
|
-
|
Command injection in Raynet rvia version 12.6.4392.49-amd64.deb allows adversaries to execute arbitrary Java code via a crafted path that matches the improperly terminated search criteria of rvia's J…
|
CWE-77
Command Injection
|
CVE-2026-38945
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1207
|
4.3 |
MEDIUM
Network
|
-
|
-
|
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
|
CWE-79
Cross-site Scripting
|
CVE-2026-36239
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1208
|
5.2 |
MEDIUM
Adjacent
|
-
|
-
|
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URI…
|
CWE-79
Cross-site Scripting
|
CVE-2025-68709
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1209
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi…
|
CWE-94
Code Injection
|
CVE-2026-8633
|
2026-05-28 03:12 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1210
|
7.8 |
HIGH
Local
|
openvpn
|
connect
|
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
|
CWE-78
CWE-267
CWE-270
CWE-648
OS Command
Privilege Defined With Unsafe Actions
Privilege Context Switching Error
Incorrect Use of Privileged APIs
|
CVE-2026-9560
|
2026-05-28 03:08 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
