|
4131
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …
|
CWE-94
Code Injection
|
CVE-2018-25320
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4132
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25331
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4133
|
6.1 |
MEDIUM
Network
|
-
|
-
|
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45231
|
2026-05-19 04:42 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4134
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8529
|
2026-05-19 04:41 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4135
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
|
CWE-295
CWE-347
Improper Certificate Validation
Improper Verification of Cryptographic Signature
|
CVE-2026-44309
|
2026-05-19 04:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4136
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
|
CWE-129
CWE-390
Improper Validation of Array Index
Detection of Error Condition Without Action
|
CVE-2026-44310
|
2026-05-19 04:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4137
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-601
Open Redirect
|
CVE-2026-42207
|
2026-05-19 04:35 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4138
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-87
Improper Neutralization of Alternate XSS Syntax
|
CVE-2026-42458
|
2026-05-19 04:35 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4139
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-330
CWE-331
CWE-338
Use of Insufficiently Random Values
Insufficient Entropy
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-42155
|
2026-05-19 04:35 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4140
|
7.1 |
HIGH
Local
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.jso…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-44641
|
2026-05-19 04:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
