|
2131
|
6.1 |
MEDIUM
Network
|
-
|
-
|
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values contain…
|
CWE-91
Blind XPath Injection
|
CVE-2026-44664
|
2026-05-14 01:58 |
2026-05-14 |
|
2132
|
- |
|
-
|
-
|
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-591…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42339
|
2026-05-14 01:53 |
2026-05-09 |
|
2133
|
6.5 |
MEDIUM
Network
|
-
|
-
|
kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-42316
|
2026-05-14 01:53 |
2026-05-12 |
|
2134
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Grid is a data structure grid for Rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42199
|
2026-05-14 01:52 |
2026-05-09 |
|
2135
|
6.5 |
MEDIUM
Network
|
-
|
-
|
FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes…
|
CWE-369
Divide By Zero
|
CVE-2026-42209
|
2026-05-14 01:52 |
2026-05-09 |
|
2136
|
- |
|
-
|
-
|
Quarkus OpenAPI Generator is a set of Quarkus extensions for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter …
|
CWE-200
Information Exposure
|
CVE-2026-42333
|
2026-05-14 01:52 |
2026-05-10 |
|
2137
|
7.9 |
HIGH
Local
|
-
|
-
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when …
|
CWE-200 CWE-312
Information Exposure Cleartext Storage of Sensitive Information
|
CVE-2026-41520
|
2026-05-14 01:49 |
2026-05-09 |
|
2138
|
- |
|
-
|
-
|
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerato…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-42206
|
2026-05-14 01:49 |
2026-05-09 |
|
2139
|
7.6 |
HIGH
Network
|
-
|
-
|
ipl/web is a set of common web components for PHP projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the conte…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42224
|
2026-05-14 01:49 |
2026-05-09 |
|
2140
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly au…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42291
|
2026-05-14 01:49 |
2026-05-09 |