|
581
|
5.9 |
MEDIUM
Network
|
-
|
-
|
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41470
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
582
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned …
|
CWE-125
CWE-190
CWE-787
Out-of-bounds Read
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-33642
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
583
|
- |
|
-
|
-
|
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 …
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-8370
|
2026-05-20 06:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
584
|
8.8 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/acco…
|
CWE-269
CWE-434
Improper Privilege Management
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42844
|
2026-05-20 06:00 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
585
|
7.5 |
HIGH
Network
|
-
|
-
|
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in …
|
CWE-23
Relative Path Traversal
|
CVE-2026-8073
|
2026-05-20 06:00 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
586
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p…
|
CWE-862
Missing Authorization
|
CVE-2026-8096
|
2026-05-20 06:00 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
587
|
7.8 |
HIGH
Local
|
protobufjs_project
|
protobufjs-cli
|
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process…
|
CWE-78
OS Command
|
CVE-2026-42290
|
2026-05-20 05:56 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
588
|
5.3 |
MEDIUM
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded …
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-44288
|
2026-05-20 05:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
589
|
8.7 |
HIGH
Network
|
protobufjs_project
|
protobufjs-cli
|
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When ge…
|
CWE-94
Code Injection
|
CVE-2026-44295
|
2026-05-20 05:37 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
590
|
7.2 |
HIGH
Network
|
dkfz
|
nnu-net
|
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable…
|
CWE-74
Injection
|
CVE-2026-44246
|
2026-05-20 05:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
