|
651
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially …
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5766
|
2026-05-6 01:16 |
2026-05-6 |
|
652
|
6.5 |
MEDIUM
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the C…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42091
|
2026-05-6 01:16 |
2026-05-5 |
|
653
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell comma…
New
|
CWE-78
OS Command
|
CVE-2026-42076
|
2026-05-6 01:16 |
2026-05-5 |
|
654
|
- |
|
-
|
-
|
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_string…
New
|
-
|
CVE-2026-39103
|
2026-05-6 01:16 |
2026-05-6 |
|
655
|
7.5 |
HIGH
Network
|
-
|
-
|
An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-37461
|
2026-05-6 01:16 |
2026-05-5 |
|
656
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-37458
|
2026-05-6 01:16 |
2026-05-5 |
|
657
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function…
New
|
CWE-77 CWE-94
Command Injection Code Injection
|
CVE-2026-36365
|
2026-05-6 01:16 |
2026-05-5 |
|
658
|
- |
|
-
|
-
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker …
New
|
CWE-539
Use of Persistent Cookies Containing Sensitive Information
|
CVE-2026-35192
|
2026-05-6 01:16 |
2026-05-6 |
|
659
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit …
New
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2026-34002
|
2026-05-6 01:16 |
2026-05-6 |
|
660
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34000
|
2026-05-6 01:16 |
2026-05-6 |