|
1571
|
8.9 |
HIGH
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42556
|
2026-05-14 00:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1572
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface.
'Elixir.Absinthe.P…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42794
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1573
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled Gra…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42793
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1574
|
- |
|
-
|
-
|
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.
'Elixir.Absinthe.Phase.Docum…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-43967
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1575
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values.
cow_sse:event/1 in cowlib guards…
|
CWE-93
CRLF Injection
|
CVE-2026-43968
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1576
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields.
cow_co…
|
CWE-93
CRLF Injection
|
CVE-2026-43969
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1577
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation.
The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-7790
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1578
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.
The channel …
|
CWE-89
SQL Injection
|
CVE-2026-32687
|
2026-05-14 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1579
|
- |
|
-
|
-
|
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-47091
|
2026-05-14 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1580
|
- |
|
-
|
-
|
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 …
|
CWE-20
Improper Input Validation
|
CVE-2026-8369
|
2026-05-14 00:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
