|
2641
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42348
|
2026-05-14 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2642
|
6.5 |
MEDIUM
Local
|
-
|
-
|
OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryPro…
|
CWE-379
Creation of Temporary File in Directory with Incorrect Permissions
|
CVE-2026-42191
|
2026-05-14 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2643
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is cre…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42180
|
2026-05-14 03:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2644
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-51394
|
2026-05-14 03:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2645
|
- |
|
-
|
-
|
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified requ…
|
CWE-22
CWE-26
Path Traversal
Path Traversal: '/dir/../filename'
|
CVE-2026-42196
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2646
|
- |
|
-
|
-
|
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and th…
|
CWE-22
Path Traversal
|
CVE-2026-44307
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2647
|
5.3 |
MEDIUM
Network
|
-
|
-
|
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. Th…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44341
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2648
|
- |
|
-
|
-
|
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
|
CWE-22
Path Traversal
|
CVE-2026-44301
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2649
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44245
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2650
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users…
|
CWE-20
Improper Input Validation
|
CVE-2026-2695
|
2026-05-14 03:10 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
