|
271
|
9.6 |
CRITICAL
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py…
Update
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-42088
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
5.3 |
MEDIUM
Network
|
flowiseai
|
flowise
|
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Respo…
New
|
CWE-200
CWE-284
CWE-312
Information Exposure
Improper Access Control
Cleartext Storage of Sensitive Information
|
CVE-2026-8026
|
2026-05-8 00:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span a…
New
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41310
|
2026-05-8 00:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM insta…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41483
|
2026-05-8 00:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collecto…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41484
|
2026-05-8 00:04 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41142
|
2026-05-8 00:03 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
- |
|
-
|
-
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42217
|
2026-05-8 00:03 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
- |
|
-
|
-
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,…
New
|
CWE-91
Blind XPath Injection
|
CVE-2026-41674
|
2026-05-8 00:02 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and…
Update
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24118
|
2026-05-8 00:00 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM…
Update
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24120
|
2026-05-8 00:00 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
