|
4141
|
7.4 |
HIGH
Network
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rgl…
|
CWE-59
CWE-200
Link Following
Information Exposure
|
CVE-2026-45539
|
2026-05-19 04:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4142
|
- |
|
-
|
-
|
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive…
|
CWE-862
Missing Authorization
|
CVE-2026-2031
|
2026-05-19 04:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4143
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation cau…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8725
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4144
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-8747
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4145
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl…
|
CWE-22
Path Traversal
|
CVE-2026-8755
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4146
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the comp…
|
CWE-22
Path Traversal
|
CVE-2026-8756
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4147
|
7.2 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffe…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-8764
|
2026-05-19 04:31 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4148
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8836
|
2026-05-19 04:26 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4149
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFuncti…
|
CWE-20
CWE-917
Improper Input Validation
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-8759
|
2026-05-19 04:22 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4150
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentia…
|
CWE-20
Improper Input Validation
|
CVE-2026-8516
|
2026-05-19 04:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
