|
4021
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flag…
|
CWE-668
CWE-1188
Exposure of Resource to Wrong Sphere
Insecure Default Initialization of Resource
|
CVE-2026-46430
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4022
|
7.5 |
HIGH
Network
|
microsoft
|
defender_antimalware_platform
|
Microsoft Defender Denial of Service Vulnerability
|
CWE-400
NVD-CWE-noinfo
Uncontrolled Resource Consumption
|
CVE-2026-45498
|
2026-05-27 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4023
|
7.6 |
HIGH
Network
|
-
|
-
|
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper …
|
CWE-89
SQL Injection
|
CVE-2026-44680
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4024
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44502
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4025
|
- |
|
-
|
-
|
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory but performs no boundary c…
|
CWE-22
Path Traversal
|
CVE-2026-43982
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4026
|
- |
|
-
|
-
|
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Sin…
|
CWE-362
Race Condition
|
CVE-2026-43981
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4027
|
4.3 |
MEDIUM
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "M…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43936
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4028
|
8.1 |
HIGH
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l…
|
CWE-20
CWE-807
Improper Input Validation
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-43935
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4029
|
- |
|
-
|
-
|
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
For succe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2264
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4030
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24162
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
