|
81
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42348
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affect…
New
|
CWE-288
CWE-306
CWE-841
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication for Critical Function
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42303
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
- |
|
-
|
-
|
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw strin…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42300
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
5.3 |
MEDIUM
Network
|
-
|
-
|
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter i…
New
|
CWE-284
CWE-436
Improper Access Control
Interpretation Conflict
|
CVE-2026-42177
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
6.5 |
MEDIUM
Network
|
-
|
-
|
requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42175
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
7.7 |
HIGH
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerabi…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42141
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). Th…
New
|
CWE-22
Path Traversal
|
CVE-2026-42048
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
6.2 |
MEDIUM
Network
|
-
|
-
|
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/featur…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42045
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
- |
|
-
|
-
|
changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) …
New
|
CWE-611
XXE
|
CVE-2026-41895
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
New
|
CWE-284
Improper Access Control
|
CVE-2026-41614
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
