|
761
|
6.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), da…
New
|
CWE-282
Improper Ownership Management
|
CVE-2026-40214
|
2026-05-9 01:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
7.4 |
HIGH
Network
|
-
|
-
|
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-40213
|
2026-05-9 01:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
7.4 |
HIGH
Local
|
-
|
-
|
Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directo…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-34354
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
- |
|
-
|
-
|
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by o…
New
|
-
|
CVE-2026-29975
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
- |
|
-
|
-
|
An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan o…
New
|
-
|
CVE-2026-29974
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
8.6 |
HIGH
Network
|
-
|
-
|
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows un…
New
|
CWE-200
CWE-497
Information Exposure
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-42047
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
7.3 |
HIGH
Network
|
-
|
-
|
This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to t…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-6411
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution envir…
New
|
CWE-78
CWE-94
CWE-250
CWE-284
CWE-693
OS Command
Code Injection
Execution with Unnecessary Privileges
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-41900
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
5.1 |
MEDIUM
Network
|
-
|
-
|
wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42150
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
7.1 |
HIGH
Network
|
-
|
-
|
PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/sk…
New
|
CWE-20
CWE-693
CWE-918
Improper Input Validation
Protection Mechanism Failure
Server-Side Request Forgery (SSRF)
|
CVE-2026-42261
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
