|
611
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7602
|
2026-05-2 13:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7209
|
2026-05-2 13:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6378
|
2026-05-2 13:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denia…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7601
|
2026-05-2 12:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-7596
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames.
'Elixir.Bandit.HTTP2.Frame':deserialize/2 i…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42788
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.
The fragment reassembly path in 'Elixir.Ba…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42786
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
- |
|
-
|
-
|
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections.
'Elixir.Bandit.Pipeline':determine_…
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-39807
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
- |
|
-
|
-
|
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers.
'Elixir.Bandit.Headers':get_content_length/1 in lib/b…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-39805
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compressio…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-39804
|
2026-05-2 11:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
