|
1321
|
5.3 |
MEDIUM
Network
|
rexxars
|
eventsource-encoder
|
eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…
|
CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting
|
CVE-2026-44214
|
2026-05-28 23:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer ove…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-9605
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can …
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9581
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
7.5 |
HIGH
Network
|
archive\
|
\
|
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), …
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-9538
|
2026-05-28 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
|
-
|
CVE-2026-48902
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
7.5 |
HIGH
Network
|
-
|
-
|
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-48901
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48864
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45715
|
2026-05-28 23:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de…
|
CWE-15
CWE-78
CWE-306
External Control of System or Configuration Setting
OS Command
Missing Authentication for Critical Function
|
CVE-2026-45087
|
2026-05-28 23:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate …
|
CWE-78
CWE-1336
OS Command
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44723
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
