|
341
|
9.1 |
CRITICAL
Network
|
opnsense
|
opnsense
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. T…
New
|
CWE-88
Argument Injection
|
CVE-2026-44193
|
2026-05-16 02:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
4.7 |
MEDIUM
Network
|
lfprojects
|
mcp_registry
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audienc…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44428
|
2026-05-16 02:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
9.1 |
CRITICAL
Network
|
opnsense
|
opnsense
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileg…
New
|
CWE-78
OS Command
|
CVE-2026-44194
|
2026-05-16 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
7.5 |
HIGH
Network
|
-
|
-
|
After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se…
New
|
CWE-416
Use After Free
|
CVE-2026-8336
|
2026-05-16 02:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
7.4 |
HIGH
Network
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rgl…
New
|
CWE-59
CWE-200
Link Following
Information Exposure
|
CVE-2026-45539
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
7.1 |
HIGH
Network
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without …
New
|
CWE-184
CWE-601
Incomplete Blacklist
Open Redirect
|
CVE-2026-45037
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
- |
|
-
|
-
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the RE…
New
|
CWE-284
Improper Access Control
|
CVE-2026-44774
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz…
New
|
CWE-94
Code Injection
|
CVE-2026-44717
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
7.5 |
HIGH
Network
|
-
|
-
|
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-44714
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
New
|
CWE-129
CWE-390
Improper Validation of Array Index
Detection of Error Condition Without Action
|
CVE-2026-44310
|
2026-05-16 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
