|
4561
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted…
|
CWE-93
CRLF Injection
|
CVE-2026-46740
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4562
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D…
|
CWE-200
Information Exposure
|
CVE-2026-46427
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4563
|
4.2 |
MEDIUM
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate…
|
CWE-269
Improper Privilege Management
|
CVE-2026-46424
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4564
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45718
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4565
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th…
|
CWE-601
Open Redirect
|
CVE-2026-45335
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4566
|
7.5 |
HIGH
Network
|
-
|
-
|
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both wri…
|
CWE-362
CWE-404
Race Condition
Improper Resource Shutdown or Release
|
CVE-2026-45090
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4567
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45061
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4568
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP…
|
CWE-362
Race Condition
|
CVE-2026-44443
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4569
|
5.3 |
MEDIUM
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to t…
|
CWE-200
Information Exposure
|
CVE-2026-42878
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4570
|
3.7 |
LOW
Adjacent
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AM…
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-42082
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
