|
3861
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an…
|
CWE-436
Interpretation Conflict
|
CVE-2026-6322
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3862
|
7.8 |
HIGH
Local
|
-
|
-
|
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may b…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-6691
|
2026-05-8 00:11 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3863
|
- |
|
-
|
-
|
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
|
CWE-20
CWE-367
Improper Input Validation
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-6180
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3864
|
- |
|
-
|
-
|
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plai…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-7824
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3865
|
- |
|
-
|
-
|
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image.
When processing SVG marker references, the renderer retrieves a node by its id at…
|
CWE-122
CWE-843
Heap-based Buffer Overflow
Type Confusion
|
CVE-2026-6210
|
2026-05-8 00:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3866
|
- |
|
-
|
-
|
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40171
|
2026-05-8 00:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3867
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil poin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-41642
|
2026-05-8 00:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3868
|
9.6 |
CRITICAL
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-42088
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3869
|
5.3 |
MEDIUM
Network
|
flowiseai
|
flowise
|
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Respo…
|
CWE-200
CWE-284
CWE-312
Information Exposure
Improper Access Control
Cleartext Storage of Sensitive Information
|
CVE-2026-8026
|
2026-05-8 00:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3870
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM insta…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41483
|
2026-05-8 00:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
