| 771 | 8.7 | HIGH Network | - | - | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization b… | CWE-22 Path Traversal; CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-42275 | 2026-05-9 01:08 | 2026-05-8 |
| 772 | 6.1 | MEDIUM Network | - | - | In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the mo… | CWE-79 Cross-site Scripting | CVE-2022-23961 | 2026-05-9 01:08 | 2026-05-8 |
| 773 | - | | - | - | yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET). | - | CVE-2024-46508 | 2026-05-9 01:08 | 2026-05-8 |
| 774 | - | | - | - | LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. | - | CVE-2024-53326 | 2026-05-9 01:08 | 2026-05-8 |
| 775 | - | | - | - | Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular express… | - | CVE-2023-46453 | 2026-05-9 01:08 | 2026-05-8 |
| 776 | - | | - | - | Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthen… | CWE-208 Information Exposure Through Timing Discrepancy | CVE-2026-41161 | 2026-05-9 01:08 | 2026-05-8 |
| 777 | 8.1 | HIGH Network | - | - | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before … | CWE-22 Path Traversal; CWE-284 Improper Access Control | CVE-2026-41491 | 2026-05-9 01:08 | 2026-05-8 |
| 778 | - | | - | - | CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b… | CWE-121 Stack-based Buffer Overflow; CWE-122 Heap-based Buffer Overflow | CVE-2026-41509 | 2026-05-9 01:08 | 2026-05-8 |
| 779 | - | | - | - | An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload func… | - | CVE-2026-38361 | 2026-05-9 01:08 | 2026-05-9 |
| 780 | 6.5 | MEDIUM Network | - | - | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated cre… | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-41308 | 2026-05-9 01:08 | 2026-05-9 |