| 61 | - | | - | - | Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach t… | New | CWE-120 Classic Buffer Overflow | CVE-2026-42859 | 2026-05-12 03:16 | 2026-05-12 |
| 62 | 8.5 | HIGH Network | - | - | Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply … | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42858 | 2026-05-12 03:16 | 2026-05-12 |
| 63 | 4.6 | MEDIUM Network | - | - | Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags … | New | CWE-79 Cross-site Scripting | CVE-2026-42857 | 2026-05-12 03:16 | 2026-05-12 |
| 64 | - | | - | - | Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and d… | New | CWE-306 Missing Authentication for Critical Function | CVE-2026-42856 | 2026-05-12 03:16 | 2026-05-12 |
| 65 | 8.8 | HIGH Network | - | - | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta… | New | CWE-94 Code Injection; CWE-95 Eval Injection | CVE-2026-42603 | 2026-05-12 03:16 | 2026-05-12 |
| 66 | 9.1 | CRITICAL Network | - | - | auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the … | New | CWE-287 Improper Authentication | CVE-2026-42560 | 2026-05-12 03:16 | 2026-05-9 |
| 67 | - | | - | - | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts… | New | CWE-77 Command Injection | CVE-2026-42453 | 2026-05-12 03:16 | 2026-05-9 |
| 68 | 6.5 | MEDIUM Network | - | - | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… | New | CWE-943 Improper Neutralization of Special Elements in Data Query Logic | CVE-2026-42316 | 2026-05-12 03:16 | 2026-05-12 |
| 69 | 8.1 | HIGH Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | New | CWE-22 Path Traversal; CWE-36 Absolute Path Traversal | CVE-2026-42315 | 2026-05-12 03:16 | 2026-05-12 |
| 70 | 6.5 | MEDIUM Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | New | CWE-22 Path Traversal | CVE-2026-42314 | 2026-05-12 03:16 | 2026-05-12 |