|
991
|
6.5 |
MEDIUM
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the C…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-42091
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
- |
|
-
|
-
|
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42138
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
- |
|
-
|
-
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
Update
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-42151
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
7.5 |
HIGH
Network
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
Update
|
CWE-400
CWE-789
Uncontrolled Resource Consumption
Memory Allocation with Excessive Size Value
|
CVE-2026-42154
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
3.7 |
LOW
Network
|
-
|
-
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
8.8 |
HIGH
Network
|
-
|
-
|
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic…
Update
|
CWE-78
OS Command
|
CVE-2026-31195
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
8.8 |
HIGH
Network
|
-
|
-
|
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut…
Update
|
CWE-78
OS Command
|
CVE-2026-31196
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_string…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-39103
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
- |
|
-
|
-
|
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1…
Update
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-31835
|
2026-05-8 00:15 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
