|
951
|
7.5 |
HIGH
Network
|
-
|
-
|
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the w…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7776
|
2026-05-6 05:24 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
- |
|
-
|
-
|
Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of th…
New
|
CWE-89
SQL Injection
|
CVE-2026-40329
|
2026-05-6 05:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
- |
|
-
|
-
|
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the …
New
|
CWE-89
SQL Injection
|
CVE-2026-40330
|
2026-05-6 05:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
- |
|
-
|
-
|
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altT…
New
|
CWE-89
SQL Injection
|
CVE-2026-40331
|
2026-05-6 05:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42078
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
8.6 |
HIGH
Local
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtin…
Update
|
CWE-95
Eval Injection
|
CVE-2026-42079
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42080
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipu…
Update
|
CWE-22
Path Traversal
|
CVE-2026-7738
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload…
Update
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7732
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Ha…
Update
|
CWE-74
CWE-88
Injection
Argument Injection
|
CVE-2026-7725
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
