|
211
|
7.5 |
HIGH
Network
|
-
|
-
|
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-37457
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
6.5 |
MEDIUM
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the C…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42091
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
- |
|
-
|
-
|
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42138
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
- |
|
-
|
-
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
New
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-42151
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
New
|
CWE-400
CWE-789
Uncontrolled Resource Consumption
Memory Allocation with Excessive Size Value
|
CVE-2026-42154
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
3.7 |
LOW
Network
|
-
|
-
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
New
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
8.8 |
HIGH
Network
|
-
|
-
|
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic…
New
|
CWE-78
OS Command
|
CVE-2026-31195
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
8.8 |
HIGH
Network
|
-
|
-
|
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut…
New
|
CWE-78
OS Command
|
CVE-2026-31196
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_string…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-39103
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
