| 1201 | 6.5 | MEDIUM | Network | langchain | langchain-text-splitters | LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valid… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41481 | 2026-04-29 00:43 | 2026-04-25 |
| 1202 | 9.1 | CRITICAL | Network | budibase | budibase | Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Si… | CWE-287 Improper Authentication | CVE-2026-41428 | 2026-04-29 00:39 | 2026-04-25 |
| 1203 | 9.1 | CRITICAL | Network | bacnetstack | bacnet_stack | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows … | CWE-125 Out-of-bounds Read | CVE-2026-41475 | 2026-04-29 00:36 | 2026-04-25 |
| 1204 | 7.5 | HIGH | Network | bacnetstack | bacnet_stack | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decod… | CWE-125 Out-of-bounds Read; CWE-193 Off-by-one Error | CVE-2026-41502 | 2026-04-29 00:35 | 2026-04-25 |
| 1205 | 7.5 | HIGH | Network | bacnetstack | bacnet_stack | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder… | CWE-125 Out-of-bounds Read | CVE-2026-41503 | 2026-04-29 00:30 | 2026-04-25 |
| 1206 | 5.4 | MEDIUM | Network | - | - | The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting … | - | CVE-2026-5306 | 2026-04-29 00:16 | 2026-04-28 |
| 1207 | 7.5 | HIGH | Network | - | - | A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream… | CWE-476 NULL Pointer Dereference | CVE-2026-31256 | 2026-04-29 00:16 | 2026-04-28 |
| 1208 | 5.4 | MEDIUM | Network | tenda | ac18_firmware | A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows… | CWE-77 Command Injection | CVE-2026-31255 | 2026-04-29 00:16 | 2026-04-28 |
| 1209 | 6.1 | MEDIUM | Network | - | - | A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without pro… | CWE-79 Cross-site Scripting | CVE-2026-29971 | 2026-04-29 00:16 | 2026-04-28 |
| 1210 | 8.1 | HIGH | Network | - | - | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements… | CWE-94 Code Injection | CVE-2026-27760 | 2026-04-29 00:16 | 2026-04-29 |