|
121
|
3.5 |
LOW
Network
|
-
|
-
|
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentio…
New
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2025-31959
|
2026-05-7 00:16 |
2026-05-7 |
|
|
|
|
122
|
2.6 |
LOW
Network
|
-
|
-
|
HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.
New
|
CWE-352
Origin Validation Error
|
CVE-2025-31957
|
2026-05-7 00:16 |
2026-05-7 |
|
|
|
|
123
|
6.1 |
MEDIUM
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowi…
New
|
CWE-601
Open Redirect
|
CVE-2026-42230
|
2026-05-6 23:57 |
2026-05-5 |
|
|
|
|
124
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be…
New
|
CWE-89
SQL Injection
|
CVE-2026-42229
|
2026-05-6 23:56 |
2026-05-5 |
|
|
|
|
125
|
6.5 |
MEDIUM
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns the…
New
|
CWE-200
Information Exposure
|
CVE-2026-42223
|
2026-05-6 23:46 |
2026-05-5 |
|
|
|
|
126
|
9.8 |
CRITICAL
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 1…
New
|
CWE-94
Code Injection
|
CVE-2026-42238
|
2026-05-6 23:45 |
2026-05-5 |
|
|
|
|
127
|
6.5 |
MEDIUM
Network
|
-
|
-
|
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to wri…
New
|
CWE-22
Path Traversal
|
CVE-2026-43975
|
2026-05-6 23:16 |
2026-05-6 |
|
|
|
|
128
|
8.1 |
HIGH
Network
|
apache
|
atlas
|
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can …
New
|
CWE-94
Code Injection
|
CVE-2026-40563
|
2026-05-6 23:16 |
2026-05-5 |
|
|
|
|
129
|
6.6 |
MEDIUM
Local
|
-
|
-
|
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported version that is affected is v2.3.2. Easily exploitable vulnerability…
New
|
CWE-94
Code Injection
|
CVE-2026-35255
|
2026-05-6 23:16 |
2026-05-6 |
|
|
|
|
130
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported version that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with netw…
New
|
CWE-22
Path Traversal
|
CVE-2026-35254
|
2026-05-6 23:16 |
2026-05-6 |
|
|
|