|
1411
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to pe…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44499
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1412
|
5.3 |
MEDIUM
Network
|
-
|
-
|
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intend…
|
CWE-22
Path Traversal
|
CVE-2026-42028
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1413
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.
The built-in rand function is predictable, and unsuitable for cryptography.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6659
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1414
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server co…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41517
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1415
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verif…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-42193
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1416
|
3.4 |
LOW
Network
|
-
|
-
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
|
CWE-200
CWE-601
Information Exposure
Open Redirect
|
CVE-2026-42195
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1417
|
8.8 |
HIGH
Network
|
-
|
-
|
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to i…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42205
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1418
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing un…
|
CWE-352
Origin Validation Error
|
CVE-2026-42286
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1419
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially…
|
CWE-89
SQL Injection
|
CVE-2026-42287
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1420
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but th…
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2026-41887
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
