|
351
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46526
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
- |
|
-
|
-
|
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi…
New
|
CWE-22
Path Traversal
|
CVE-2026-45731
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
5.7 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA val…
New
|
CWE-306
CWE-352
Missing Authentication for Critical Function
Origin Validation Error
|
CVE-2026-45610
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
7.2 |
HIGH
Network
|
-
|
-
|
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45609
|
2026-05-30 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses i…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-45041
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
8.3 |
HIGH
Network
|
-
|
-
|
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
New
|
CWE-416
Use After Free
|
CVE-2026-10014
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
8.3 |
HIGH
Network
|
-
|
-
|
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
New
|
CWE-416
Use After Free
|
CVE-2026-10000
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The atta…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-10061
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
9.8 |
CRITICAL
Network
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The functi…
New
|
CWE-798
CWE-1392
Use of Hard-coded Credentials
Use of Default Credentials
|
CVE-2026-45039
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit…
New
|
CWE-312
CWE-532
Cleartext Storage of Sensitive Information
Inclusion of Sensitive Information in Log Files
|
CVE-2026-45040
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
