|
1821
|
8.2 |
HIGH
Network
|
-
|
-
|
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or reso…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43993
|
2026-05-14 02:00 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1822
|
5.5 |
MEDIUM
Local
|
jqlang
|
jq
|
jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40612
|
2026-05-14 02:00 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1823
|
7.5 |
HIGH
Network
|
golang
|
go
|
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-42501
|
2026-05-14 01:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1824
|
7.5 |
HIGH
Network
|
golang
|
go
|
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
|
NVD-CWE-noinfo
|
CVE-2026-42499
|
2026-05-14 01:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1825
|
6.1 |
MEDIUM
Network
|
golang
|
go
|
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-39826
|
2026-05-14 01:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1826
|
5.3 |
MEDIUM
Network
|
golang
|
go
|
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize…
|
NVD-CWE-noinfo
|
CVE-2026-39825
|
2026-05-14 01:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1827
|
6.1 |
MEDIUM
Network
|
golang
|
go
|
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39823
|
2026-05-14 01:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1828
|
4.3 |
MEDIUM
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL…
|
CWE-200
CWE-639
Information Exposure
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42456
|
2026-05-14 01:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1829
|
- |
|
-
|
-
|
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Window…
|
CWE-59
CWE-269
Link Following
Improper Privilege Management
|
CVE-2026-44470
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1830
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), comma…
|
CWE-200
CWE-532
Information Exposure
Inclusion of Sensitive Information in Log Files
|
CVE-2026-44479
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
