|
2831
|
7.3 |
HIGH
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa…
|
CWE-777
Regular Expression without Anchors
|
CVE-2026-40110
|
2026-05-11 21:59 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2832
|
5.3 |
MEDIUM
Local
|
prusa3d
|
prusaslicer
|
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
|
CWE-77
Command Injection
|
CVE-2023-47268
|
2026-05-11 21:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2833
|
8.1 |
HIGH
Network
|
apache
|
cloudstack
|
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th…
|
CWE-459
Incomplete Cleanup
|
CVE-2025-66467
|
2026-05-11 21:57 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2834
|
9.1 |
CRITICAL
Network
|
ollama
|
ollama
|
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7482
|
2026-05-11 21:27 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2835
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
|
CWE-78
OS Command
|
CVE-2026-8153
|
2026-05-11 19:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2836
|
4.7 |
MEDIUM
Network
|
oracle
|
macoron
|
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w…
|
CWE-601
CWE-346
Open Redirect
Origin Validation Error
|
CVE-2026-35253
|
2026-05-11 05:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2837
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery.
This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-5791
|
2026-05-11 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2838
|
8.8 |
HIGH
Network
|
apache
|
cloudstack
|
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an…
|
CWE-94
Code Injection
|
CVE-2026-25077
|
2026-05-11 00:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2839
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev…
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7915
|
2026-05-10 23:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2840
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
|
CWE-787
CWE-125
Out-of-bounds Write
Out-of-bounds Read
|
CVE-2026-7902
|
2026-05-10 23:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
