|
3771
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen…
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-43002
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3772
|
7.7 |
HIGH
Network
|
-
|
-
|
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-42997
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3773
|
7.5 |
HIGH
Network
|
-
|
-
|
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
|
CWE-284
Improper Access Control
|
CVE-2024-52911
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3774
|
8.1 |
HIGH
Network
|
-
|
-
|
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
|
CWE-89
SQL Injection
|
CVE-2026-44331
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3775
|
3.4 |
LOW
Adjacent
|
-
|
-
|
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44405
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3776
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3777
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi…
|
CWE-330
CWE-338
Use of Insufficiently Random Values
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41505
|
2026-05-8 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3778
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
|
CWE-79
Cross-site Scripting
|
CVE-2026-36358
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3779
|
8.3 |
HIGH
Network
|
-
|
-
|
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, S…
|
CWE-89
SQL Injection
|
CVE-2026-41490
|
2026-05-8 00:50 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3780
|
5.5 |
MEDIUM
Local
|
-
|
-
|
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42146
|
2026-05-8 00:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
