|
411
|
- |
|
-
|
-
|
NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'.
The roo…
New
|
CWE-89
SQL Injection
|
CVE-2026-9059
|
2026-05-20 23:01 |
2026-05-20 |
|
|
|
|
412
|
- |
|
-
|
-
|
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/i…
New
|
CWE-89
SQL Injection
|
CVE-2026-9065
|
2026-05-20 23:01 |
2026-05-20 |
|
|
|
|
413
|
7.8 |
HIGH
Local
|
-
|
-
|
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`; this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, …
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-44933
|
2026-05-20 23:01 |
2026-05-20 |
|
|
|
|
414
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Rsync versions 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host…
New
|
CWE-289
Authentication Bypass by Alternate Name
|
CVE-2026-43617
|
2026-05-20 22:58 |
2026-05-20 |
|
|
|
|
415
|
8.1 |
HIGH
Network
|
-
|
-
|
Rsync versions 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg…
New
|
CWE-125, CWE-190
Out-of-bounds Read; Integer Overflow or Wraparound
|
CVE-2026-43618
|
2026-05-20 22:58 |
2026-05-20 |
|
|
|
|
416
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Rsync versions 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …
New
|
CWE-59, CWE-367
Link Following; Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43619
|
2026-05-20 22:58 |
2026-05-20 |
|
|
|
|
417
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Rsync versions 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43620
|
2026-05-20 22:58 |
2026-05-20 |
|
|
|
|
418
|
3.1 |
LOW
Network
|
-
|
-
|
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor…
New
|
CWE-193
Off-by-one Error
|
CVE-2026-45232
|
2026-05-20 22:58 |
2026-05-20 |
|
|
|
|
419
|
7.5 |
HIGH
Local
|
-
|
-
|
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24163
|
2026-05-20 22:57 |
2026-05-20 |
|
|
|
|
420
|
6.6 |
MEDIUM
Network
|
-
|
-
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.
This issue affects Drupal core: from 8.0.0 before 10.5.9, …
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-6366
|
2026-05-20 22:56 |
2026-05-20 |
|
|
|