|
3341
|
6.5 |
MEDIUM
Network
|
zulip
|
zulip_server
|
Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-40300
|
2026-05-14 03:58 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3342
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42899
|
2026-05-14 03:39 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3343
|
9.1 |
CRITICAL
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POS…
|
CWE-22
Path Traversal
|
CVE-2026-42608
|
2026-05-14 03:39 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3344
|
7.5 |
HIGH
Network
|
microsoft
|
outlook
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
|
CWE-77
Command Injection
|
CVE-2026-42893
|
2026-05-14 03:37 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3345
|
8.7 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-pr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34686
|
2026-05-14 03:37 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3346
|
6.1 |
MEDIUM
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be dire…
|
CWE-74
Injection
|
CVE-2026-44455
|
2026-05-14 03:35 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3347
|
6.5 |
MEDIUM
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44456
|
2026-05-14 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3348
|
5.3 |
MEDIUM
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: A…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-44457
|
2026-05-14 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3349
|
4.3 |
MEDIUM
Network
|
hono
|
hono
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted inpu…
|
CWE-74
CWE-116
Injection
Improper Encoding or Escaping of Output
|
CVE-2026-44458
|
2026-05-14 03:32 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3350
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.
|
CWE-79
Cross-site Scripting
|
CVE-2026-41250
|
2026-05-14 03:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
