|
31
|
- |
|
-
|
-
|
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader
Versions Affected: before 2.5.9, before 3.0.0-M3
Description:
The ExtensionLoader.instantiateExtension(C…
New
|
CWE-470
Unsafe Reflection
|
CVE-2026-42027
|
2026-05-5 03:16 |
2026-05-5 |
|
32
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/…
New
|
CWE-285
Improper Authorization
|
CVE-2026-41572
|
2026-05-5 03:16 |
2026-05-5 |
|
33
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored pas…
New
|
CWE-287
Improper Authentication
|
CVE-2026-41571
|
2026-05-5 03:16 |
2026-05-5 |
|
34
|
7.5 |
HIGH
Network
|
-
|
-
|
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41471
|
2026-05-5 03:16 |
2026-05-5 |
|
35
|
- |
|
-
|
-
|
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor
Versions Affected: before 2.5.9, before 3.0.0-M3
Description: The DictionaryEntryPersistor …
New
|
CWE-611
XXE
|
CVE-2026-40682
|
2026-05-5 03:16 |
2026-05-5 |
|
36
|
- |
|
-
|
-
|
An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
New
|
-
|
CVE-2026-37459
|
2026-05-5 03:16 |
2026-05-5 |
|
37
|
8.8 |
HIGH
Network
|
-
|
-
|
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.
Update
|
CWE-611
XXE
|
CVE-2026-36765
|
2026-05-5 03:16 |
2026-05-1 |
|
38
|
8.8 |
HIGH
Network
|
-
|
-
|
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi…
Update
|
CWE-22
Path Traversal
|
CVE-2026-36762
|
2026-05-5 03:16 |
2026-05-1 |
|
39
|
7.5 |
HIGH
Network
|
-
|
-
|
Buffer Over-read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
New
|
CWE-126
Buffer Over-read
|
CVE-2026-34059
|
2026-05-5 03:16 |
2026-05-4 |
|
40
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which f…
New
|
CWE-125 CWE-170
Out-of-bounds Read Improper Null Termination
|
CVE-2026-34032
|
2026-05-5 03:16 |
2026-05-4 |
|