|
781
|
- |
|
-
|
-
|
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An a…
New
|
CWE-284
Improper Access Control
|
CVE-2026-41487
|
2026-05-9 01:08 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
782
|
6.1 |
MEDIUM
Network
|
-
|
-
|
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was direc…
New
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2026-41575
|
2026-05-9 01:08 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
783
|
9.0 |
CRITICAL
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-41588
|
2026-05-9 01:08 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
784
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Copilot said: i18nextify is a JavaScript library that adds
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3…
New
|
CWE-22
CWE-74
Path Traversal
Injection
|
CVE-2026-41691
|
2026-05-9 01:05 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
785
|
4.7 |
MEDIUM
Network
|
-
|
-
|
i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-41692
|
2026-05-9 01:05 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
786
|
- |
|
-
|
-
|
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php.
New
|
-
|
CVE-2024-33724
|
2026-05-9 01:04 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
787
|
- |
|
-
|
-
|
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers …
New
|
-
|
CVE-2026-37431
|
2026-05-9 01:03 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
788
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-enc…
New
|
CWE-178
CWE-436
Improper Handling of Case Sensitivity
Interpretation Conflict
|
CVE-2026-42272
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
789
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are cas…
New
|
CWE-178
CWE-436
Improper Handling of Case Sensitivity
Interpretation Conflict
|
CVE-2026-42273
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
790
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstre…
New
|
CWE-35
CWE-436
Path Traversal: '.../...//'
Interpretation Conflict
|
CVE-2026-42274
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
