|
321
|
6.5 |
MEDIUM
Network
|
distribution
|
distribution
|
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: fal…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41888
|
2026-05-16 03:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
322
|
7.5 |
HIGH
Network
|
mongoosejs
|
mongoose
|
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query…
New
|
CWE-74
Injection
|
CVE-2026-42334
|
2026-05-16 03:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
323
|
4.3 |
MEDIUM
Network
|
etcd
|
etcd
|
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44283
|
2026-05-16 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
324
|
7.5 |
HIGH
Network
|
-
|
-
|
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…
New
|
CWE-416
Use After Free
|
CVE-2026-8695
|
2026-05-16 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
325
|
7.0 |
HIGH
Local
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us…
New
|
CWE-78
OS Command
|
CVE-2026-45036
|
2026-05-16 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
326
|
- |
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp…
New
|
CWE-78
OS Command
|
CVE-2026-45035
|
2026-05-16 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
327
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
New
|
CWE-295
CWE-347
Improper Certificate Validation
Improper Verification of Cryptographic Signature
|
CVE-2026-44309
|
2026-05-16 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
328
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
New
|
CWE-330
CWE-331
CWE-338
Use of Insufficiently Random Values
Insufficient Entropy
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-42155
|
2026-05-16 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
329
|
8.8 |
HIGH
Network
|
-
|
-
|
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
Update
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-29203
|
2026-05-16 03:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
330
|
9.1 |
CRITICAL
Network
|
gtsteffaniak
|
filebrowser_quantum
|
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allo…
New
|
CWE-22
Path Traversal
|
CVE-2026-44542
|
2026-05-16 03:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
