|
801
|
4.6 |
MEDIUM
Local
|
-
|
-
|
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded…
New
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-47090
|
2026-05-19 05:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
3.3 |
LOW
Local
|
-
|
-
|
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin…
New
|
CWE-22
Path Traversal
|
CVE-2026-47091
|
2026-05-19 05:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
7.8 |
HIGH
Local
|
-
|
-
|
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment vari…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-47092
|
2026-05-19 05:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
9.8 |
CRITICAL
Network
|
-
|
-
|
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
Update
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-37228
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
7.8 |
HIGH
Local
|
-
|
-
|
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37231
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
9.8 |
CRITICAL
Network
|
-
|
-
|
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_…
Update
|
CWE-415
Double Free
|
CVE-2020-37239
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
9.8 |
CRITICAL
Network
|
-
|
-
|
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. …
Update
|
CWE-94
Code Injection
|
CVE-2021-47952
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
7.8 |
HIGH
Local
|
-
|
-
|
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37229
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
7.8 |
HIGH
Local
|
-
|
-
|
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path…
Update
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37230
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
7.5 |
HIGH
Network
|
-
|
-
|
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoi…
Update
|
CWE-22
Path Traversal
|
CVE-2021-47942
|
2026-05-19 05:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
