|
1451
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi…
|
CWE-78
OS Command
|
CVE-2026-31226
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1452
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C…
|
CWE-416
Use After Free
|
CVE-2026-45185
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1453
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31214
|
2026-05-14 00:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1454
|
8.0 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-27753
|
2026-05-14 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1455
|
5.4 |
MEDIUM
Network
|
-
|
-
|
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-30059
|
2026-05-14 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1456
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system…
|
CWE-78
OS Command
|
CVE-2026-31246
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1457
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-31247
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1458
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabli…
|
CWE-776
XML Entity Expansion
|
CVE-2026-31248
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1459
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-32661
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1460
|
7.8 |
HIGH
Local
|
-
|
-
|
Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer,…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44612
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
