|
161
|
2.9 |
LOW
Local
|
-
|
-
|
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-44928
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
162
|
- |
|
-
|
-
|
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP …
New
|
CWE-22
Path Traversal
|
CVE-2026-41493
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
163
|
4.7 |
MEDIUM
Network
|
-
|
-
|
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smar…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-41506
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
164
|
9.8 |
CRITICAL
Network
|
-
|
-
|
math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. Th…
New
|
CWE-94
Code Injection
|
CVE-2026-41507
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
165
|
- |
|
-
|
-
|
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Se…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41423
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
166
|
- |
|
-
|
-
|
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contain an authenticated remote code execution vulnerabilit…
New
|
CWE-74
Injection
|
CVE-2025-67486
|
2026-05-9 01:02 |
2026-05-9 |
|
|
|
|
167
|
- |
|
-
|
-
|
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. T…
New
|
CWE-287
Improper Authentication
|
CVE-2026-41574
|
2026-05-9 01:02 |
2026-05-9 |
|
|
|
|
168
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport w…
New
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-33190
|
2026-05-9 01:01 |
2026-05-6 |
|
|
|
|
169
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The l…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-33489
|
2026-05-9 01:00 |
2026-05-6 |
|
|
|
|
170
|
9.8 |
CRITICAL
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server check…
New
|
CWE-287
Improper Authentication
|
CVE-2026-35579
|
2026-05-9 00:58 |
2026-05-6 |
|
|
|