|
4411
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoin…
|
CWE-352
Origin Validation Error
|
CVE-2026-41255
|
2026-05-15 23:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4412
|
7.4 |
HIGH
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-sig…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41132
|
2026-05-15 23:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4413
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user inform…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45248
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4414
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc b…
|
CWE-506
Embedded Malicious Code
|
CVE-2026-8398
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4415
|
- |
|
-
|
-
|
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include
local files from t…
|
CWE-22
Path Traversal
|
CVE-2026-7182
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4416
|
- |
|
-
|
-
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open…
|
CWE-20
Improper Input Validation
|
CVE-2026-42327
|
2026-05-15 23:55 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4417
|
- |
|
-
|
-
|
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem pa…
|
CWE-22
Path Traversal
|
CVE-2026-44647
|
2026-05-15 23:55 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4418
|
7.7 |
HIGH
Network
|
-
|
-
|
python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with …
|
CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
|
CVE-2026-45370
|
2026-05-15 23:55 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4419
|
- |
|
-
|
-
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-44662
|
2026-05-15 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4420
|
- |
|
-
|
-
|
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{project_handle}/previews/{preview_id} endpoint loads the preview by its UUID wi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44678
|
2026-05-15 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
