| 821 | 7.2 | HIGH, Network | - | - | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL … | New | CWE-89 CWE-284: SQL Injection; Improper Access Control | CVE-2026-41641 | 2026-05-8 00:16 | 2026-05-7 |
| 822 | - | | - | - | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme… | New | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2026-41587 | 2026-05-8 00:16 | 2026-05-7 |
| 823 | 5.3 | MEDIUM, Network | - | - | Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF … | New | CWE-93 CWE-444: CRLF Injection; HTTP Request Smuggling | CVE-2026-41417 | 2026-05-8 00:16 | 2026-05-7 |
| 824 | - | | - | - | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts u… | New | CWE-22: Path Traversal | CVE-2026-41203 | 2026-05-8 00:16 | 2026-05-7 |
| 825 | - | | - | - | OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/modul… | New | CWE-22: Path Traversal | CVE-2026-40076 | 2026-05-8 00:16 | 2026-05-7 |
| 826 | 7.1 | HIGH, Adjacent | - | - | AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted fro… | Update | CWE-126: Buffer Over-read | CVE-2026-37532 | 2026-05-8 00:15 | 2026-05-2 |
| 827 | 7.8 | HIGH, Local | - | - | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitl… | Update | CWE-269: Improper Privilege Management | CVE-2026-37525 | 2026-05-8 00:15 | 2026-05-2 |
| 828 | 7.8 | HIGH, Local | - | - | AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authenticatio… | Update | CWE-284: Improper Access Control | CVE-2026-37526 | 2026-05-8 00:15 | 2026-05-2 |
| 829 | 9.8 | CRITICAL, Network | - | - | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu… | Update | CWE-22 CWE-367: Path Traversal; Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-37531 | 2026-05-8 00:15 | 2026-05-2 |
| 830 | 3.1 | LOW, Network | google | chrome | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted … | New | CWE-352 CWE-1021: Origin Validation Error; Improper Restriction of Rendered UI Layers or Frames | CVE-2026-8022 | 2026-05-8 00:15 | 2026-05-7 |