|
1891
|
- |
|
-
|
-
|
Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially…
|
CWE-89
SQL Injection
|
CVE-2026-42287
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1892
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but th…
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2026-41887
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1893
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email bo…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42192
|
2026-05-13 01:45 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1894
|
- |
|
-
|
-
|
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor ID…
|
CWE-400
CWE-611
CWE-776
Uncontrolled Resource Consumption
XXE
XML Entity Expansion
|
CVE-2026-42212
|
2026-05-13 01:43 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1895
|
- |
|
-
|
-
|
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor f…
|
CWE-22
CWE-200
CWE-295
CWE-918
Path Traversal
Information Exposure
Improper Certificate Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-42213
|
2026-05-13 01:43 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1896
|
6.8 |
MEDIUM
Network
|
-
|
-
|
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
|
CWE-284
Improper Access Control
|
CVE-2026-1749
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1897
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to…
|
-
|
CVE-2026-32683
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1898
|
7.2 |
HIGH
Network
|
-
|
-
|
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e…
|
CWE-78
OS Command
|
CVE-2026-3828
|
2026-05-13 01:42 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1899
|
- |
|
-
|
-
|
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service rel…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42343
|
2026-05-13 01:41 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1900
|
7.5 |
HIGH
Network
|
-
|
-
|
pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystem…
|
CWE-22
Path Traversal
|
CVE-2026-42351
|
2026-05-13 01:41 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
