|
1051
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg()
Claude pointed out that there is a nfs4_file refcount leak in
nfsd_get_…
Update
|
NVD-CWE-Other
|
CVE-2026-43193
|
2026-05-12 05:36 |
2026-05-06 |
|
1052
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, al…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-45222
|
2026-05-12 05:25 |
2026-05-12 |
|
1053
|
9.6 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules…
Update
|
CWE-20, CWE-22, CWE-94, CWE-829, CWE-913
Improper Input Validation; Path Traversal; Code Injection; Inclusion of Functionality from Untrusted Control Sphere; Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-44336
|
2026-05-12 05:25 |
2026-05-08 |
|
1054
|
9.4 |
CRITICAL
Network
|
-
|
-
|
oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware a…
New
|
CWE-22, CWE-863
Path Traversal; Incorrect Authorization
|
CVE-2026-42882
|
2026-05-12 05:25 |
2026-05-12 |
|
1055
|
4.9 |
MEDIUM
Network
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSec…
New
|
CWE-285
Improper Authorization
|
CVE-2026-42876
|
2026-05-12 05:25 |
2026-05-12 |
|
1056
|
- |
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvide…
New
|
CWE-285, CWE-668
Improper Authorization; Exposure of Resource to Wrong Sphere
|
CVE-2026-42875
|
2026-05-12 05:25 |
2026-05-12 |
|
1057
|
3.7 |
LOW
Network
|
-
|
-
|
Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n se…
New
|
CWE-113
HTTP Response Splitting
|
CVE-2026-42874
|
2026-05-12 05:25 |
2026-05-12 |
|
1058
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of use…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42872
|
2026-05-12 05:25 |
2026-05-12 |
|
1059
|
- |
|
-
|
-
|
Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open…
New
|
CWE-22, CWE-73
Path Traversal; External Control of File Name or Path
|
CVE-2026-42866
|
2026-05-12 05:25 |
2026-05-12 |
|
1060
|
4.3 |
MEDIUM
Network
|
-
|
-
|
@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient valida…
New
|
CWE-601
Open Redirect
|
CVE-2026-42565
|
2026-05-12 05:25 |
2026-05-12 |