|
1341
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
|
CWE-284
Improper Access Control
|
CVE-2023-24215
|
2026-05-20 00:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1342
|
5.5 |
MEDIUM
Local
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per…
|
CWE-369
Divide By Zero
|
CVE-2026-46469
|
2026-05-20 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1343
|
7.8 |
HIGH
Local
|
vercel
|
turborepo_language_server_protocol
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr…
|
CWE-77
Command Injection
|
CVE-2026-46508
|
2026-05-20 00:12 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1344
|
6.1 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
CWE-79
Cross-site Scripting
|
CVE-2026-45494
|
2026-05-20 00:06 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1345
|
- |
|
-
|
-
|
FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup co…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26978
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1346
|
6.5 |
MEDIUM
Network
|
-
|
-
|
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27737
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1347
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33052
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1348
|
7.5 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of…
|
CWE-400
CWE-459
CWE-770
Uncontrolled Resource Consumption
Incomplete Cleanup
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33232
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1349
|
8.2 |
HIGH
Local
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows o…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-22810
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1350
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to r…
|
CWE-78
OS Command
|
CVE-2026-25244
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
