|
1461
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a…
|
CWE-94
Code Injection
|
CVE-2026-42298
|
2026-05-14 00:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1462
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42346
|
2026-05-14 00:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1463
|
8.9 |
HIGH
Network
|
-
|
-
|
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42556
|
2026-05-14 00:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1464
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface.
'Elixir.Absinthe.P…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42794
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1465
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled Gra…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42793
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1466
|
- |
|
-
|
-
|
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.
'Elixir.Absinthe.Phase.Docum…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-43967
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1467
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values.
cow_sse:event/1 in cowlib guards…
|
CWE-93
CRLF Injection
|
CVE-2026-43968
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1468
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields.
cow_co…
|
CWE-93
CRLF Injection
|
CVE-2026-43969
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1469
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation.
The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-7790
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1470
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.
The channel …
|
CWE-89
SQL Injection
|
CVE-2026-32687
|
2026-05-14 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
