|
1731
|
7.5 |
HIGH
Network
|
-
|
-
|
Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-f…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-44302
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1732
|
- |
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry …
|
CWE-77
Command Injection
|
CVE-2026-44257
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1733
|
- |
|
-
|
-
|
DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0.
|
CWE-791
Incomplete Filtering of Special Elements
|
CVE-2026-44232
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1734
|
8.6 |
HIGH
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise construct…
|
CWE-248
Uncaught Exception
|
CVE-2026-44001
|
2026-05-19 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1735
|
7.5 |
HIGH
Network
|
-
|
-
|
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoc…
|
CWE-20
CWE-248
CWE-400
Improper Input Validation
Uncaught Exception
Uncontrolled Resource Consumption
|
CVE-2026-42544
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1736
|
10.0 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard …
|
CWE-94
Code Injection
|
CVE-2026-42288
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1737
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malici…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42157
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1738
|
5.0 |
MEDIUM
Network
|
-
|
-
|
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41195
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1739
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBas…
|
CWE-200
Information Exposure
|
CVE-2026-39079
|
2026-05-19 01:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1740
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…
|
CWE-94
Code Injection
|
CVE-2025-67031
|
2026-05-19 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
