|
2861
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-20 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
- |
|
-
|
-
|
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-6009
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
8.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-suppl…
|
CWE-79
CWE-434
CWE-646
Cross-site Scripting
Unrestricted Upload of File with Dangerous Type
Reliance on File Name or Extension of Externally-Supplied File
|
CVE-2026-45315
|
2026-05-20 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based …
|
CWE-22
CWE-287
Path Traversal
Improper Authentication
|
CVE-2026-36829
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
5.9 |
MEDIUM
Network
|
-
|
-
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-32134
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
- |
|
-
|
-
|
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break (EPB) and S…
|
-
|
CVE-2025-61081
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi…
|
CWE-78
OS Command
|
CVE-2026-31226
|
2026-05-20 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
8.8 |
HIGH
Local
|
microsoft
|
365_apps
office
office_long_term_servicing_channel
|
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-35436
|
2026-05-20 03:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
5.5 |
MEDIUM
Local
|
microsoft
|
365_apps
office
office_long_term_servicing_channel
word
|
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-35440
|
2026-05-20 03:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
8.4 |
HIGH
Local
|
microsoft
|
365_apps
office
office_long_term_servicing_channel
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-416
Use After Free
|
CVE-2026-40358
|
2026-05-20 03:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
