|
191
|
8.1 |
HIGH
Network
|
-
|
-
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
New
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-42452
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java…
New
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2026-42451
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulne…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42354
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
8.6 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to reques…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42352
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
7.5 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystem…
New
|
CWE-22
Path Traversal
|
CVE-2026-42351
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
- |
|
-
|
-
|
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo que…
New
|
CWE-601
Open Redirect
|
CVE-2026-42350
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42346
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
7.7 |
HIGH
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42345
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-42344
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service rel…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42343
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
