|
91
|
- |
|
-
|
-
|
GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a remote code execution vulnerability exists in the Tauri-based GitButler desktop application. An a…
Update
|
CWE-94
Code Injection
|
CVE-2026-45261
|
2026-06-2 03:38 |
2026-05-29 |
|
|
|
|
92
|
- |
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync…
Update
|
CWE-94 CWE-345 CWE-494 CWE-915
Code Injection Insufficient Verification of Data Authenticity Download of Code Without Integrity Check Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45058
|
2026-06-2 03:38 |
2026-05-29 |
|
|
|
|
93
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urlj…
Update
|
CWE-601
Open Redirect
|
CVE-2026-45307
|
2026-06-2 03:38 |
2026-05-29 |
|
|
|
|
94
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value…
New
|
CWE-79 CWE-918
Cross-site Scripting Server-Side Request Forgery (SSRF)
|
CVE-2026-43979
|
2026-06-2 03:38 |
2026-05-29 |
|
|
|
|
95
|
8.2 |
HIGH
Network
|
-
|
-
|
deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-46509
|
2026-06-2 03:38 |
2026-05-29 |
|
|
|
|
96
|
5.3 |
MEDIUM
Network
|
mermaid_project
|
mermaid
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
New
|
CWE-94
Code Injection
|
CVE-2026-41159
|
2026-06-2 03:38 |
2026-05-30 |
|
|
|
|
97
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attacke…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-32906
|
2026-06-2 03:37 |
2026-05-30 |
|
|
|
|
98
|
5.3 |
MEDIUM
Network
|
mermaid_project
|
mermaid
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41150
|
2026-06-2 03:37 |
2026-05-30 |
|
|
|
|
99
|
8.3 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without…
New
|
CWE-862
Missing Authorization
|
CVE-2026-32905
|
2026-06-2 03:36 |
2026-05-30 |
|
|
|
|
100
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-34507
|
2026-06-2 03:36 |
2026-05-30 |
|
|
|