|
301
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Update
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8388
|
2026-05-20 03:16 |
2026-05-12 |
|
302
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-20 03:16 |
2026-05-13 |
|
303
|
- |
|
-
|
-
|
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-6009
|
2026-05-20 03:16 |
2026-05-20 |
|
304
|
8.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-suppl…
Update
|
CWE-79, CWE-434, CWE-646
Cross-site Scripting; Unrestricted Upload of File with Dangerous Type; Reliance on File Name or Extension of Externally-Supplied File
|
CVE-2026-45315
|
2026-05-20 03:16 |
2026-05-16 |
|
305
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based …
New
|
CWE-22, CWE-287
Path Traversal; Improper Authentication
|
CVE-2026-36829
|
2026-05-20 03:16 |
2026-05-20 |
|
306
|
7.5 |
HIGH
Network
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-33633
|
2026-05-20 03:16 |
2026-05-20 |
|
307
|
5.9 |
MEDIUM
Network
|
-
|
-
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-32134
|
2026-05-20 03:16 |
2026-05-20 |
|
308
|
- |
|
-
|
-
|
In BYD Atto3, an attacker can obtain an authentication key through a brute-force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and S…
New
|
-
|
CVE-2025-61081
|
2026-05-20 03:16 |
2026-05-20 |
|
309
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The TinyZero project through commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi…
Update
|
CWE-78
OS Command
|
CVE-2026-31226
|
2026-05-20 03:14 |
2026-05-13 |
|
310
|
8.8 |
HIGH
Local
|
microsoft
|
365_apps, office, office_long_term_servicing_channel
|
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Update
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-35436
|
2026-05-20 03:05 |
2026-05-13 |