| # | CVSS | Severity | Vector | Description | Status | CWE | CWE name | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 771 | 5.5 | MEDIUM | Local | CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga… | Update | CWE-789 | Memory Allocation with Excessive Size Value | CVE-2026-42146 | 2026-05-8 00:50 | 2026-05-5 |
| 772 | - | - | - | Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal … | New | CWE-400 | Uncontrolled Resource Consumption | CVE-2026-32686 | 2026-05-8 00:49 | 2026-05-8 |
| 773 | 7.4 | HIGH | Network | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A rem… | New | CWE-295 | Improper Certificate Validation | CVE-2026-42011 | 2026-05-8 00:48 | 2026-05-8 |
| 774 | - | - | - | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac… | New | CWE-93 | CRLF Injection | CVE-2026-39849 | 2026-05-8 00:48 | 2026-05-6 |
| 775 | 8.3 | HIGH | Network | Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL lite… | New | CWE-89 | SQL Injection | CVE-2026-41422 | 2026-05-8 00:47 | 2026-05-8 |
| 776 | 5.4 | MEDIUM | Network | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a c… | New | CWE-79 | Cross-site Scripting | CVE-2026-40296 | 2026-05-8 00:47 | 2026-05-7 |
| 777 | 9.8 | CRITICAL | Network | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell comma… | Update | CWE-78 | OS Command Injection | CVE-2026-42076 | 2026-05-8 00:46 | 2026-05-5 |
| 778 | 5.2 | MEDIUM | Local | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all Ja… | Update | CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-42077 | 2026-05-8 00:46 | 2026-05-5 |
| 779 | 4.2 | MEDIUM | Network | Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cycle_session_keys()", but DRF API tokens ("wlu_… | New | CWE-613 | Insufficient Session Expiration | CVE-2026-41519 | 2026-05-8 00:46 | 2026-05-8 |
| 780 | - | - | - | Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p… | New | CWE-20, CWE-918 | Improper Input Validation; Server-Side Request Forgery (SSRF) | CVE-2026-41654 | 2026-05-8 00:46 | 2026-05-8 |