|
441
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33052
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
7.5 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of…
New
|
CWE-400
CWE-459
CWE-770
Uncontrolled Resource Consumption
Incomplete Cleanup
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33232
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
8.2 |
HIGH
Local
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows o…
New
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-22810
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to r…
New
|
CWE-78
OS Command
|
CVE-2026-25244
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
7.0 |
HIGH
Local
|
-
|
-
|
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_…
New
|
CWE-378
Creation of Temporary File With Insecure Permissions
|
CVE-2026-4137
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue…
New
|
CWE-862
Missing Authorization
|
CVE-2026-32312
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
7.3 |
HIGH
Local
|
-
|
-
|
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer…
New
|
CWE-269
CWE-345
CWE-427
Improper Privilege Management
Insufficient Verification of Data Authenticity
Uncontrolled Search Path Element
|
CVE-2026-32323
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
9.6 |
CRITICAL
Network
|
-
|
-
|
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests fr…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-2611
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-45492
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-8544
|
2026-05-19 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
