|
2571
|
- |
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47266
|
2026-05-30 05:21 |
2026-05-30 |
|
|
|
|
2572
|
7.4 |
HIGH
Network
|
-
|
-
|
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48555
|
2026-05-30 05:21 |
2026-05-30 |
|
|
|
|
2573
|
8.8 |
HIGH
Network
|
-
|
-
|
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-48557
|
2026-05-30 05:21 |
2026-05-30 |
|
|
|
|
2574
|
- |
|
-
|
-
|
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-46384
|
2026-05-30 05:21 |
2026-05-30 |
|
|
|
|
2575
|
9.1 |
CRITICAL
Network
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-22
Path Traversal
|
CVE-2026-44650
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|
|
2576
|
7.5 |
HIGH
Network
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-44648
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|
|
2577
|
- |
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44651
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|
|
2578
|
- |
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44652
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|
|
2579
|
8.5 |
HIGH
Network
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46372
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|
|
2580
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un…
|
CWE-362
Race Condition
|
CVE-2026-47741
|
2026-05-30 05:17 |
2026-05-30 |
|
|
|