| 2321 | 9.8 | CRITICAL | Network | - | - | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… | CWE-416 Use After Free | CVE-2026-45185 | 2026-05-14 00:52 | 2026-05-13 |
| 2322 | 9.8 | CRITICAL | Network | - | - | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s… | CWE-502 Deserialization of Untrusted Data | CVE-2026-31214 | 2026-05-14 00:51 | 2026-05-13 |
| 2323 | 8.0 | HIGH | Network | - | - | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2023-27753 | 2026-05-14 00:48 | 2026-05-13 |
| 2324 | 5.4 | MEDIUM | Network | - | - | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2023-30059 | 2026-05-14 00:48 | 2026-05-13 |
| 2325 | 6.5 | MEDIUM | Network | - | - | GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system… | CWE-78 OS Command | CVE-2026-31246 | 2026-05-14 00:47 | 2026-05-12 |
| 2326 | 7.5 | HIGH | Network | - | - | Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-31247 | 2026-05-14 00:47 | 2026-05-12 |
| 2327 | 7.5 | HIGH | Network | - | - | Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabli… | CWE-776 XML Entity Expansion | CVE-2026-31248 | 2026-05-14 00:47 | 2026-05-12 |
| 2328 | 9.8 | CRITICAL | Network | - | - | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's… | CWE-121 Stack-based Buffer Overflow | CVE-2026-32661 | 2026-05-14 00:47 | 2026-05-13 |
| 2329 | 7.8 | HIGH | Local | - | - | Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer,… | CWE-427 Uncontrolled Search Path Element | CVE-2026-44612 | 2026-05-14 00:47 | 2026-05-13 |
| 2330 | 6.5 | MEDIUM | Network | - | - | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2026-25107 | 2026-05-14 00:47 | 2026-05-13 |