|
211
|
6.1 |
MEDIUM
Local
|
-
|
-
|
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socke…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-5071
|
2026-05-30 17:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site s…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10112
|
2026-05-30 17:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10111
|
2026-05-30 17:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10110
|
2026-05-30 16:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
New
|
CWE-839
Numeric Range Comparison Without Minimum Check
|
CVE-2026-48840
|
2026-05-30 13:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-con…
New
|
CWE-77
CWE-88
Command Injection
Argument Injection
|
CVE-2026-48116
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user w…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-47694
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14…
Update
|
CWE-94
Code Injection
|
CVE-2026-45374
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
7.4 |
HIGH
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45373
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
- |
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScrip…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45343
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
