|
2081
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45718
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2082
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th…
|
CWE-601
Open Redirect
|
CVE-2026-45335
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2083
|
7.5 |
HIGH
Network
|
-
|
-
|
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both wri…
|
CWE-362
CWE-404
Race Condition
Improper Resource Shutdown or Release
|
CVE-2026-45090
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2084
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45061
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2085
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP…
|
CWE-362
Race Condition
|
CVE-2026-44443
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2086
|
5.3 |
MEDIUM
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to t…
|
CWE-200
Information Exposure
|
CVE-2026-42878
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2087
|
3.7 |
LOW
Adjacent
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AM…
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-42082
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2088
|
5.3 |
MEDIUM
Network
|
-
|
-
|
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components
|
CWE-89
SQL Injection
|
CVE-2026-38808
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2089
|
8.8 |
HIGH
Network
|
-
|
-
|
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38807
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2090
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6051
|
2026-05-29 00:55 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
