|
1781
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled Gra…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42793
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1782
|
- |
|
-
|
-
|
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.
'Elixir.Absinthe.Phase.Docum…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-43967
|
2026-05-14 00:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1783
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values.
cow_sse:event/1 in cowlib guards…
|
CWE-93
CRLF Injection
|
CVE-2026-43968
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1784
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields.
cow_co…
|
CWE-93
CRLF Injection
|
CVE-2026-43969
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1785
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation.
The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-7790
|
2026-05-14 00:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1786
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.
The channel …
|
CWE-89
SQL Injection
|
CVE-2026-32687
|
2026-05-14 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1787
|
- |
|
-
|
-
|
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-47091
|
2026-05-14 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1788
|
- |
|
-
|
-
|
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 …
|
CWE-20
Improper Input Validation
|
CVE-2026-8369
|
2026-05-14 00:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1789
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized ac…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-29204
|
2026-05-14 00:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1790
|
7.1 |
HIGH
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2393
|
2026-05-14 00:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
