|
201
|
- |
|
-
|
-
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-45151
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
5.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted…
New
|
CWE-203
CWE-204
Information Exposure Through Discrepancy
Response Discrepancy Information Exposure
|
CVE-2026-45294
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
3.3 |
LOW
Physics
|
-
|
-
|
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul…
New
|
CWE-415
Double Free
|
CVE-2026-45324
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
3.3 |
LOW
Local
|
-
|
-
|
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-45613
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as …
New
|
CWE-94
CWE-693
CWE-1336
Code Injection
Protection Mechanism Failure
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-45697
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
- |
|
-
|
-
|
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before …
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-46384
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
- |
|
-
|
-
|
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state ins…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-46385
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
- |
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47266
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
7.4 |
HIGH
Network
|
-
|
-
|
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48555
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
8.8 |
HIGH
Network
|
-
|
-
|
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-48557
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
