| 31 | 3.6 | LOW / Local | lfprojects | mlflow | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipu… | New | CWE-327 Use of a Broken or Risky Cryptographic Algorithm; CWE-328 Use of Weak Hash | CVE-2026-10803 | 2026-06-5 03:24 | 2026-06-4 |
| 32 | 7.5 | HIGH / Network | - | - | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no … | New | - | CVE-2026-8881 | 2026-06-5 03:16 | 2026-06-4 |
| 33 | 7.4 | HIGH / Local | - | - | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution | New | CWE-93 CRLF Injection | CVE-2026-50292 | 2026-06-5 03:16 | 2026-06-5 |
| 34 | 2.2 | LOW / Network | - | - | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "network:" at the beginning ("n… | New | CWE-863 Incorrect Authorization | CVE-2026-50266 | 2026-06-5 03:16 | 2026-06-5 |
| 35 | 9.1 | CRITICAL / Network | - | - | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-50076 | 2026-06-5 03:16 | 2026-06-5 |
| 36 | 6.5 | MEDIUM / Network | - | - | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This… | New | CWE-1289 Improper Validation of Unsafe Equivalence in Input | CVE-2026-49940 | 2026-06-5 03:16 | 2026-06-5 |
| 37 | - | | - | - | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses… | New | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write | CVE-2026-48040 | 2026-06-5 03:16 | 2026-06-5 |
| 38 | 7.4 | HIGH / Network | - | - | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl… | New | CWE-297 Improper Validation of Certificate with Host Mismatch | CVE-2026-44393 | 2026-06-5 03:16 | 2026-06-5 |
| 39 | 9.9 | CRITICAL / Network | - | - | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled entries from `image_has… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-43986 | 2026-06-5 03:16 | 2026-06-5 |
| 40 | 8.9 | HIGH / Network | - | - | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is en… | New | CWE-79 Cross-site Scripting | CVE-2026-43984 | 2026-06-5 03:16 | 2026-06-5 |