|
911
|
8.1 |
HIGH
Network
|
-
|
-
|
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
Update
|
CWE-89
SQL Injection
|
CVE-2026-44331
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
912
|
- |
|
-
|
-
|
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-39402
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
913
|
3.4 |
LOW
Adjacent
|
-
|
-
|
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44405
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
914
|
- |
|
-
|
-
|
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /di…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29080
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
915
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
Update
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
916
|
- |
|
-
|
-
|
### Summary
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
917
|
- |
|
-
|
-
|
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user…
New
|
CWE-209
CWE-770
CWE-918
Information Exposure Through an Error Message
Allocation of Resources Without Limits or Throttling
Server-Side Request Forgery (SSRF)
|
CVE-2026-41644
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
918
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi…
New
|
CWE-330
CWE-338
Use of Insufficiently Random Values
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41505
|
2026-05-8 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
919
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-36358
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
920
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query str…
Update
|
CWE-436
Interpretation Conflict
|
CVE-2026-30246
|
2026-05-8 00:52 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
