|
3851
|
- |
|
-
|
-
|
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42138
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3852
|
8.8 |
HIGH
Network
|
-
|
-
|
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic…
|
CWE-78
OS Command
|
CVE-2026-31195
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3853
|
8.8 |
HIGH
Network
|
-
|
-
|
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut…
|
CWE-78
OS Command
|
CVE-2026-31196
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3854
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_string…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-39103
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3855
|
- |
|
-
|
-
|
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-31893
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3856
|
8.8 |
HIGH
Network
|
-
|
-
|
A remote code execution vulnerability
exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated
user with System Setting permissions can execute arbitrary commands on the
server b…
|
CWE-94
Code Injection
|
CVE-2026-7841
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3857
|
7.5 |
HIGH
Network
|
-
|
-
|
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered a…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34473
|
2026-05-8 00:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3858
|
7.5 |
HIGH
Network
|
-
|
-
|
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. I…
|
CWE-200
Information Exposure
|
CVE-2026-34474
|
2026-05-8 00:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3859
|
5.0 |
MEDIUM
Network
|
-
|
-
|
An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, an…
|
CWE-269
Improper Privilege Management
|
CVE-2026-7778
|
2026-05-8 00:12 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3860
|
7.5 |
HIGH
Network
|
-
|
-
|
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7768
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
