|
991
|
- |
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authent…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45342
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
8.6 |
HIGH
Local
|
-
|
-
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowli…
Update
|
CWE-78
OS Command
|
CVE-2026-44466
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decryp…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41565
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
8.8 |
HIGH
Network
|
-
|
-
|
@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenati…
Update
|
CWE-78
OS Command
|
CVE-2026-36044
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
7.3 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file.
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-30761
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-30760
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to comma…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-10060
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
8.3 |
HIGH
Network
|
-
|
-
|
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-10017
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.
_dosToUnixTime() decodes the local-file-header last-modification da…
Update
|
CWE-248
Uncaught Exception
|
CVE-2025-15649
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
7.1 |
HIGH
Network
|
-
|
-
|
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_promp…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-45134
|
2026-05-30 01:12 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
