|
401
|
- |
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp…
Update
|
CWE-78
OS Command
|
CVE-2026-45035
|
2026-05-19 04:34 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
7.0 |
HIGH
Local
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us…
Update
|
CWE-78
OS Command
|
CVE-2026-45036
|
2026-05-19 04:34 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
7.1 |
HIGH
Network
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without …
Update
|
CWE-184
CWE-601
Incomplete Blacklist
Open Redirect
|
CVE-2026-45037
|
2026-05-19 04:34 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
- |
|
-
|
-
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code …
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-45038
|
2026-05-19 04:34 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
7.1 |
HIGH
Local
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.jso…
Update
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-44641
|
2026-05-19 04:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
7.4 |
HIGH
Network
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rgl…
Update
|
CWE-59
CWE-200
Link Following
Information Exposure
|
CVE-2026-45539
|
2026-05-19 04:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
- |
|
-
|
-
|
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-2031
|
2026-05-19 04:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation cau…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8725
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-8747
|
2026-05-19 04:31 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
7.2 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffe…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-8764
|
2026-05-19 04:31 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
