| 651 | 5.5 | MEDIUM, Local | samsung | android | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | New | NVD-CWE-Other | CVE-2026-21022 | 2026-05-14 02:26 | 2026-05-13 |
| 652 | 6.2 | MEDIUM, Local | - | - | OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory … | Update | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-41511 | 2026-05-14 02:26 | 2026-05-9 |
| 653 | 6.5 | MEDIUM, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | Update | CWE-22 Path Traversal | CVE-2026-42314 | 2026-05-14 02:26 | 2026-05-12 |
| 654 | 8.1 | HIGH, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | Update | CWE-22 Path Traversal; CWE-36 Absolute Path Traversal | CVE-2026-42315 | 2026-05-14 02:26 | 2026-05-12 |
| 655 | 6.8 | MEDIUM, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … | Update | CWE-295 Improper Certificate Validation; CWE-306 Missing Authentication for Critical Function; CWE-863 Incorrect Authorization | CVE-2026-42312 | 2026-05-14 02:26 | 2026-05-12 |
| 656 | 8.3 | HIGH, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … | Update | CWE-441 Confused Deputy; CWE-863 Incorrect Authorization; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42313 | 2026-05-14 02:26 | 2026-05-12 |
| 657 | - | | - | - | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… | Update | CWE-200 Information Exposure | CVE-2026-42865 | 2026-05-14 02:26 | 2026-05-12 |
| 658 | - | | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) … | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-43995 | 2026-05-14 02:26 | 2026-05-12 |
| 659 | 5.3 | MEDIUM, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<p… | Update | CWE-209 Information Exposure Through an Error Message | CVE-2026-44226 | 2026-05-14 02:26 | 2026-05-12 |
| 660 | 8.4 | HIGH, Local | - | - | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | New | CWE-121 Stack-based Buffer Overflow | CVE-2020-37221 | 2026-05-14 02:26 | 2026-05-14 |