|
2511
|
7.7 |
HIGH
Network
|
-
|
-
|
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v…
|
CWE-284
Improper Access Control
|
CVE-2026-46821
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2512
|
- |
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45342
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2513
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decryp…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41565
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2514
|
7.3 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-30761
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2515
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.
|
CWE-20
Improper Input Validation
|
CVE-2026-30760
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2516
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.
_dosToUnixTime() decodes the local-file-header last-modification da…
|
CWE-248
Uncaught Exception
|
CVE-2025-15649
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2517
|
7.1 |
HIGH
Network
|
-
|
-
|
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_promp…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-45134
|
2026-05-30 01:12 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2518
|
5.4 |
MEDIUM
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes block…
|
CWE-770
CWE-841
Allocation of Resources Without Limits or Throttling
Improper Enforcement of Behavioral Workflow
|
CVE-2026-45023
|
2026-05-30 01:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2519
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox vi…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9963
|
2026-05-30 01:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2520
|
7.5 |
HIGH
Network
|
dell
|
unisphere_for_powermax_virtual_appliance
|
Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp
|
CWE-285
Improper Authorization
|
CVE-2022-34363
|
2026-05-30 00:53 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
