|
451
|
7.4 |
HIGH
Network
|
-
|
-
|
Axios is a promise-based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPPars…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42264
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
452
|
- |
|
-
|
-
|
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags…
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-42267
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
453
|
4.1 |
MEDIUM
Network
|
-
|
-
|
Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upl…
New
|
CWE-22
Path Traversal
|
CVE-2026-44298
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
454
|
7.8 |
HIGH
Local
|
-
|
-
|
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2022-26522
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
455
|
5.3 |
MEDIUM
Local
|
-
|
-
|
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2022-26523
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
456
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
New
|
CWE-78
OS Command
|
CVE-2022-45899
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
457
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42276
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
458
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42277
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
459
|
5.8 |
MEDIUM
Network
|
-
|
-
|
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42279
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|
|
460
|
7.5 |
HIGH
Network
|
-
|
-
|
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-27686
|
2026-05-9 01:02 |
2026-05-8 |
|
|
|