| 1061 | 8.1 | HIGH, Network | - | - | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary… | CWE-22 Path Traversal | CVE-2026-42075 | 2026-05-8 00:43 | 2026-05-5 |
| 1062 | 5.3 | MEDIUM, Network | - | - | Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/… | CWE-285 Improper Authorization | CVE-2026-41572 | 2026-05-8 00:43 | 2026-05-5 |
| 1063 | 6.5 | MEDIUM, Network | - | - | titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… | CWE-200 Information Exposure | CVE-2026-42092 | 2026-05-8 00:43 | 2026-05-5 |
| 1064 | 4.4 | MEDIUM, Network | - | - | PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42140 | 2026-05-8 00:43 | 2026-05-5 |
| 1065 | 6.1 | MEDIUM, Local | - | - | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… | CWE-190 Integer Overflow or Wraparound | CVE-2026-42144 | 2026-05-8 00:43 | 2026-05-5 |
| 1066 | - | | - | - | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to c… | CWE-1333 Inefficient Regular Expression Complexity | CVE-2026-33079 | 2026-05-8 00:43 | 2026-05-7 |
| 1067 | 8.8 | HIGH, Network | - | - | YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'… | CWE-89 SQL Injection | CVE-2026-41143 | 2026-05-8 00:43 | 2026-05-7 |
| 1068 | 5.5 | MEDIUM, Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() Since commit aab5c6f20023 ("gpio: set device type for GPIO chi… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2026-31732 | 2026-05-8 00:36 | 2026-05-2 |
| 1069 | 5.4 | MEDIUM, Network | google | chrome | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CWE-451 User Interface (UI) Misrepresentation of Critical Information | CVE-2026-8015 | 2026-05-8 00:30 | 2026-05-7 |
| 1070 | 8.8 | HIGH, Network | google | chrome | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | CWE-416 Use After Free | CVE-2026-8016 | 2026-05-8 00:29 | 2026-05-7 |