|
1631
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42199
|
2026-05-14 01:52 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
6.5 |
MEDIUM
Network
|
-
|
-
|
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes…
|
CWE-369
Divide By Zero
|
CVE-2026-42209
|
2026-05-14 01:52 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
- |
|
-
|
-
|
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter …
|
CWE-200
Information Exposure
|
CVE-2026-42333
|
2026-05-14 01:52 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
7.9 |
HIGH
Local
|
-
|
-
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when …
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-41520
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
- |
|
-
|
-
|
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerato…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-42206
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
7.6 |
HIGH
Network
|
-
|
-
|
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the conte…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42224
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42291
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
- |
|
-
|
-
|
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo que…
|
CWE-601
Open Redirect
|
CVE-2026-42350
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java…
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2026-42451
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
3.8 |
LOW
Network
|
-
|
-
|
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th…
|
CWE-269
Improper Privilege Management
|
CVE-2026-44987
|
2026-05-14 01:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
