|
281
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can es…
Update
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24781
|
2026-05-8 00:00 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and …
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-26956
|
2026-05-8 00:00 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
8.8 |
HIGH
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses…
New
|
CWE-200
Information Exposure
|
CVE-2025-52613
|
2026-05-7 23:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a trunca…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-41647
|
2026-05-7 23:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-41684
|
2026-05-7 23:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
- |
|
-
|
-
|
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-se…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40280
|
2026-05-7 23:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
- |
|
-
|
-
|
Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39383
|
2026-05-7 23:58 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
New
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-7 23:58 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
9.1 |
CRITICAL
Network
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41201
|
2026-05-7 23:57 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
- |
|
-
|
-
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts…
New
|
CWE-22
Path Traversal
|
CVE-2026-41202
|
2026-05-7 23:57 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
