|
191
|
8.1 |
HIGH
Network
|
-
|
-
|
SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b…
New
|
CWE-89
SQL Injection
|
CVE-2026-8851
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep…
New
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-37982
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac…
New
|
CWE-284
Improper Access Control
|
CVE-2026-37979
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
7.6 |
HIGH
Adjacent
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache byte…
New
|
CWE-94
CWE-345
CWE-502
Code Injection
Insufficient Verification of Data Authenticity
Deserialization of Untrusted Data
|
CVE-2026-33233
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
7.1 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijac…
New
|
CWE-862
Missing Authorization
|
CVE-2026-30950
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
7.2 |
HIGH
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the …
New
|
CWE-20
CWE-434
Improper Input Validation
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-27891
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
New
|
CWE-284
Improper Access Control
|
CVE-2023-24215
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
5.5 |
MEDIUM
Local
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per…
Update
|
CWE-369
Divide By Zero
|
CVE-2026-46469
|
2026-05-20 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
7.8 |
HIGH
Local
|
vercel
|
turborepo_language_server_protocol
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr…
Update
|
CWE-77
Command Injection
|
CVE-2026-46508
|
2026-05-20 00:12 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
6.1 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45494
|
2026-05-20 00:06 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
