|
1871
|
8.2 |
HIGH
Network
|
-
|
-
|
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiri…
|
CWE-20
Improper Input Validation
|
CVE-2026-45137
|
2026-05-30 00:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1872
|
6.1 |
MEDIUM
Network
|
golang
|
net
|
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-25681
|
2026-05-30 00:30 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1873
|
7.5 |
HIGH
Network
|
-
|
-
|
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44209
|
2026-05-30 00:29 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1874
|
5.4 |
MEDIUM
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/Aja…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42877
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1875
|
- |
|
-
|
-
|
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devi…
|
CWE-89
SQL Injection
|
CVE-2026-44886
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1876
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S…
|
CWE-94
Code Injection
|
CVE-2026-44887
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1877
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly…
|
CWE-94
Code Injection
|
CVE-2026-44888
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1878
|
- |
|
-
|
-
|
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access…
|
CWE-287
CWE-347
Improper Authentication
Improper Verification of Cryptographic Signature
|
CVE-2026-44720
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1879
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45083
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1880
|
- |
|
-
|
-
|
Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation.
This vulnerability is associated wi…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-47074
|
2026-05-30 00:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
