|
121
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied api_key_file and api_url preferences were passed to the …
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-7817
|
2026-05-12 02:16 |
2026-05-12 |
|
122
|
8.8 |
HIGH
Network
|
-
|
-
|
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.
User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An aut…
New
|
CWE-89
SQL Injection
|
CVE-2026-7816
|
2026-05-12 02:16 |
2026-05-12 |
|
123
|
8.8 |
HIGH
Network
|
-
|
-
|
SQL injection vulnerability in pgAdmin 4 Maintenance Tool.
Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly i…
New
|
CWE-89
SQL Injection
|
CVE-2026-7815
|
2026-05-12 02:16 |
2026-05-12 |
|
124
|
7.7 |
HIGH
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
New
|
CWE-200
Information Exposure
|
CVE-2026-44738
|
2026-05-12 02:16 |
2026-05-12 |
|
125
|
- |
|
-
|
-
|
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44737
|
2026-05-12 02:16 |
2026-05-12 |
|
126
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44284
|
2026-05-12 02:16 |
2026-05-9 |
|
127
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and th…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43500
|
2026-05-12 02:16 |
2026-05-11 |
|
128
|
- |
|
-
|
-
|
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now s…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-42845
|
2026-05-12 02:16 |
2026-05-12 |
|
129
|
8.8 |
HIGH
Network
|
-
|
-
|
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42843
|
2026-05-12 02:16 |
2026-05-12 |
|
130
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxono…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42842
|
2026-05-12 02:16 |
2026-05-12 |
|