| 211 | 5.0 | MEDIUM Network | - | - | Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate … | New | CWE-78 OS Command; CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-44723 | 2026-05-28 23:16 | 2026-05-27 |
| 212 | 7.9 | HIGH Local | - | - | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption… | New | CWE-59 Link Following; CWE-287 Improper Authentication | CVE-2026-44711 | 2026-05-28 23:16 | 2026-05-28 |
| 213 | 7.5 | HIGH Network | - | - | Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlle… | New | CWE-22 Path Traversal; CWE-89 SQL Injection; CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes; CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-44635 | 2026-05-28 23:16 | 2026-05-28 |
| 214 | 9.3 | CRITICAL Network | - | - | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul… | New | CWE-78 OS Command | CVE-2026-44590 | 2026-05-28 23:16 | 2026-05-28 |
| 215 | 7.5 | HIGH Network | archive\ | \ | Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va… | New | CWE-59 Link Following; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-42497 | 2026-05-28 23:16 | 2026-05-26 |
| 216 | 9.1 | CRITICAL Network | archive\ | \ | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with… | New | CWE-59 Link Following | CVE-2026-42496 | 2026-05-28 23:16 | 2026-05-26 |
| 217 | - |  | - | - | A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi… | New | CWE-863 Incorrect Authorization | CVE-2026-40914 | 2026-05-28 23:16 | 2026-05-28 |
| 218 | 7.3 | HIGH Network | - | - | Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() functio… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-38422 | 2026-05-28 23:16 | 2026-05-27 |
| 219 | - |  | - | - | An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component | New | - | CVE-2026-37579 | 2026-05-28 23:16 | 2026-05-28 |
| 220 | 7.3 | HIGH Network | - | - | Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to … | New | CWE-77 Command Injection | CVE-2026-36540 | 2026-05-28 23:16 | 2026-05-27 |