|
3761
|
- |
|
-
|
-
|
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on p…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8295
|
2026-05-20 00:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3762
|
- |
|
-
|
-
|
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Cen…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-44088
|
2026-05-20 00:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3763
|
8.1 |
HIGH
Network
|
-
|
-
|
SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b…
|
CWE-89
SQL Injection
|
CVE-2026-8851
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3764
|
7.6 |
HIGH
Adjacent
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache byte…
|
CWE-94
CWE-345
CWE-502
Code Injection
Insufficient Verification of Data Authenticity
Deserialization of Untrusted Data
|
CVE-2026-33233
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3765
|
7.1 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijac…
|
CWE-862
Missing Authorization
|
CVE-2026-30950
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3766
|
7.2 |
HIGH
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the …
|
CWE-20
CWE-434
Improper Input Validation
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-27891
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3767
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
|
CWE-284
Improper Access Control
|
CVE-2023-24215
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3768
|
5.5 |
MEDIUM
Local
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per…
|
CWE-369
Divide By Zero
|
CVE-2026-46469
|
2026-05-20 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3769
|
7.8 |
HIGH
Local
|
vercel
|
turborepo_language_server_protocol
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr…
|
CWE-77
Command Injection
|
CVE-2026-46508
|
2026-05-20 00:12 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3770
|
6.1 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
CWE-79
Cross-site Scripting
|
CVE-2026-45494
|
2026-05-20 00:06 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
