| 2051 | 5.5 | MEDIUM Local | - | - | Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp c… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2024-51394 | 2026-05-14 03:16 | 2026-05-14 |
| 2052 | - | | - | - | django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified requ… | CWE-22 Path Traversal; CWE-26 Path Traversal: '/dir/../filename' | CVE-2026-42196 | 2026-05-14 03:15 | 2026-05-13 |
| 2053 | - | | - | - | Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and th… | CWE-22 Path Traversal | CVE-2026-44307 | 2026-05-14 03:15 | 2026-05-13 |
| 2054 | 5.3 | MEDIUM Network | - | - | GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. Th… | CWE-284 Improper Access Control; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-44341 | 2026-05-14 03:15 | 2026-05-13 |
| 2055 | - | | - | - | Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with… | CWE-22 Path Traversal | CVE-2026-44301 | 2026-05-14 03:14 | 2026-05-13 |
| 2056 | 6.1 | MEDIUM Network | - | - | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentio… | CWE-79 Cross-site Scripting | CVE-2026-44245 | 2026-05-14 03:14 | 2026-05-13 |
| 2057 | 6.3 | MEDIUM Network | - | - | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users… | CWE-20 Improper Input Validation | CVE-2026-2695 | 2026-05-14 03:10 | 2026-05-14 |
| 2058 | 7.5 | HIGH Network | phpoffice | phpspreadsheet | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\Xml) does not validate the ss:I… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-40863 | 2026-05-14 03:01 | 2026-05-13 |
| 2059 | 8.8 | HIGH Network | dell | automation_platform | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading … | CWE-862 Missing Authorization | CVE-2026-32658 | 2026-05-14 03:00 | 2026-05-11 |
| 2060 | 5.7 | MEDIUM Network | kimai | kimai | Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2026-42267 | 2026-05-14 02:58 | 2026-05-8 |