|
711
|
- |
|
-
|
-
|
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin…
New
|
CWE-306
CWE-942
Missing Authentication for Critical Function
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-44895
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
712
|
- |
|
-
|
-
|
eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurse…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44844
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
713
|
6.5 |
MEDIUM
Network
|
-
|
-
|
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-44836
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
714
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar…
New
|
CWE-22
Path Traversal
|
CVE-2026-44788
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
715
|
5.8 |
MEDIUM
Network
|
-
|
-
|
eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…
New
|
CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting
|
CVE-2026-44214
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
716
|
- |
|
-
|
-
|
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid.
OCSP re…
New
|
CWE-295
CWE-672
Improper Certificate Validation
Operation on a Resource after Expiration or Release
|
CVE-2026-42791
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
717
|
- |
|
-
|
-
|
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certifi…
New
|
CWE-295
CWE-296
Improper Certificate Validation
Improper Following of a Certificate's Chain of Trust
|
CVE-2026-42789
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
718
|
7.1 |
HIGH
Network
|
-
|
-
|
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML exter…
New
|
CWE-611
XXE
|
CVE-2026-3603
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
719
|
3.3 |
LOW
Local
|
-
|
-
|
NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-39824
|
2026-05-27 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
720
|
9.6 |
CRITICAL
Network
|
-
|
-
|
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com…
New
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-39821
|
2026-05-27 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
