|
841
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malici…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42157
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
5.0 |
MEDIUM
Network
|
-
|
-
|
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41195
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBas…
New
|
CWE-200
Information Exposure
|
CVE-2026-39079
|
2026-05-19 01:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
844
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…
Update
|
CWE-94
Code Injection
|
CVE-2025-67031
|
2026-05-19 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
5.5 |
MEDIUM
Adjacent
|
google
|
chrome
|
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-8586
|
2026-05-19 00:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
846
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-46356
|
2026-05-19 00:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
6.5 |
MEDIUM
Network
|
webpack.js
|
webpack-dev-server
|
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…
Update
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-6402
|
2026-05-19 00:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
848
|
5.3 |
MEDIUM
Network
|
-
|
-
|
### Summary
`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8723
|
2026-05-19 00:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
849
|
7.8 |
HIGH
Local
|
amd
|
radeon_software
cleanup_utility
|
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-36333
|
2026-05-19 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
850
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…
Update
|
CWE-89
CWE-121
SQL Injection
Stack-based Buffer Overflow
|
CVE-2026-6637
|
2026-05-19 00:05 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
