|
1111
|
8.6 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42469
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1112
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-69606
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1113
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
Update
|
CWE-77
Command Injection
|
CVE-2026-26461
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1114
|
7.5 |
HIGH
Network
|
-
|
-
|
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-37457
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1115
|
6.5 |
MEDIUM
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the C…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-42091
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1116
|
- |
|
-
|
-
|
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42138
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1117
|
- |
|
-
|
-
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1118
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
Update
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-42151
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1119
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
Update
|
CWE-400
CWE-789
Uncontrolled Resource Consumption
Memory Allocation with Excessive Size Value
|
CVE-2026-42154
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1120
|
3.7 |
LOW
Network
|
-
|
-
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
