| 781 | 4.3 | MEDIUM | Network | - | - | Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Th… | New | CWE-203 | Information Exposure Through Discrepancy | CVE-2026-44263 | 2026-05-8 00:46 | 2026-05-8 |
| 782 | 4.3 | MEDIUM | Network | - | - | Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has… | New | CWE-80 | Basic XSS | CVE-2026-44264 | 2026-05-8 00:46 | 2026-05-8 |
| 783 | 7.7 | HIGH | Network | - | - | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina… | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-41688 | 2026-05-8 00:45 | 2026-05-8 |
| 784 | 9.6 | CRITICAL | Network | - | - | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th… | Update | CWE-79 CWE-94 | Cross-site Scripting, Code Injection | CVE-2026-42090 | 2026-05-8 00:44 | 2026-05-5 |
| 785 | 8.1 | HIGH | Network | - | - | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary… | Update | CWE-22 | Path Traversal | CVE-2026-42075 | 2026-05-8 00:43 | 2026-05-5 |
| 786 | 5.3 | MEDIUM | Network | - | - | Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/… | Update | CWE-285 | Improper Authorization | CVE-2026-41572 | 2026-05-8 00:43 | 2026-05-5 |
| 787 | 6.5 | MEDIUM | Network | - | - | titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… | Update | CWE-200 | Information Exposure | CVE-2026-42092 | 2026-05-8 00:43 | 2026-05-5 |
| 788 | 4.4 | MEDIUM | Network | - | - | PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… | Update | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-42140 | 2026-05-8 00:43 | 2026-05-5 |
| 789 | 6.1 | MEDIUM | Local | - | - | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… | Update | CWE-190 | Integer Overflow or Wraparound | CVE-2026-42144 | 2026-05-8 00:43 | 2026-05-5 |
| 790 | - | | | - | - | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to c… | New | CWE-1333 | Inefficient Regular Expression Complexity | CVE-2026-33079 | 2026-05-8 00:43 | 2026-05-7 |