|
1641
|
8.8 |
HIGH
Network
|
snorkel
|
snorkel
|
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31224
|
2026-05-14 00:44 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1642
|
7.1 |
HIGH
Network
|
-
|
-
|
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
|
CWE-352
Origin Validation Error
|
CVE-2026-45430
|
2026-05-14 00:43 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1643
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containin…
|
CWE-79
Cross-site Scripting
|
CVE-2025-70842
|
2026-05-14 00:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1644
|
7.7 |
HIGH
Network
|
-
|
-
|
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerabi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42141
|
2026-05-14 00:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1645
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email add…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2026-44306
|
2026-05-14 00:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1646
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when re…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42245
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1647
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#startt…
|
CWE-392
CWE-393
CWE-636
CWE-754
CWE-841
Missing Report of Error Condition
Return of Wrong Status Code
Not Failing Securely ('Failing Open')
Improper Check for Unusual or Exceptional Conditions
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42246
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1648
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating…
|
CWE-770
CWE-1322
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42256
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1649
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42257
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1650
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42258
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
