|
1521
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore signing tool for Git commits that uses your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
|
CWE-129 CWE-390
Improper Validation of Array Index; Detection of Error Condition Without Action
|
CVE-2026-44310
|
2026-05-19 04:36 |
2026-05-16 |
|
1522
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-601
Open Redirect
|
CVE-2026-42207
|
2026-05-19 04:35 |
2026-05-16 |
|
1523
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-87
Improper Neutralization of Alternate XSS Syntax
|
CVE-2026-42458
|
2026-05-19 04:35 |
2026-05-16 |
|
1524
|
- |
|
-
|
-
|
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…
|
CWE-330 CWE-331 CWE-338
Use of Insufficiently Random Values; Insufficient Entropy; Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-42155
|
2026-05-19 04:35 |
2026-05-16 |
|
1525
|
7.1 |
HIGH
Local
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.jso…
|
CWE-22 CWE-73
Path Traversal; External Control of File Name or Path
|
CVE-2026-44641
|
2026-05-19 04:33 |
2026-05-16 |
|
1526
|
7.4 |
HIGH
Network
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rgl…
|
CWE-59 CWE-200
Link Following; Information Exposure
|
CVE-2026-45539
|
2026-05-19 04:33 |
2026-05-16 |
|
1527
|
- |
|
-
|
-
|
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive…
|
CWE-862
Missing Authorization
|
CVE-2026-2031
|
2026-05-19 04:32 |
2026-05-16 |
|
1528
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation cau…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8725
|
2026-05-19 04:31 |
2026-05-17 |
|
1529
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu…
|
CWE-266 CWE-285
Incorrect Privilege Assignment; Improper Authorization
|
CVE-2026-8747
|
2026-05-19 04:31 |
2026-05-17 |
|
1530
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl…
|
CWE-22
Path Traversal
|
CVE-2026-8755
|
2026-05-19 04:31 |
2026-05-17 |