| 1061 | 9.8 | CRITICAL Network | - | - | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S… | CWE-94 Code Injection | CVE-2026-44887 | 2026-05-30 00:29 | 2026-05-28 |
| 1062 | 9.8 | CRITICAL Network | - | - | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly… | CWE-94 Code Injection | CVE-2026-44888 | 2026-05-30 00:29 | 2026-05-28 |
| 1063 | - | | - | - | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… | CWE-287 CWE-347 Improper Authentication Improper Verification of Cryptographic Signature | CVE-2026-44720 | 2026-05-30 00:29 | 2026-05-28 |
| 1064 | 9.8 | CRITICAL Network | - | - | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted … | CWE-306 Missing Authentication for Critical Function | CVE-2026-45083 | 2026-05-30 00:29 | 2026-05-28 |
| 1065 | - | | - | - | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the r… | CWE-113 CWE-790 HTTP Response Splitting | CVE-2026-9658 | 2026-05-30 00:29 | 2026-05-28 |
| 1066 | - | | - | - | Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated wi… | CWE-295 Improper Certificate Validation | CVE-2026-47074 | 2026-05-30 00:29 | 2026-05-28 |
| 1067 | 6.1 | MEDIUM Network | golang | net | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2026-27136 | 2026-05-30 00:27 | 2026-05-23 |
| 1068 | 9.6 | CRITICAL Network | golang | net | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com… | CWE-1289 Improper Validation of Unsafe Equivalence in Input | CVE-2026-39821 | 2026-05-30 00:26 | 2026-05-23 |
| 1069 | 4.3 | MEDIUM Network | - | - | A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to … | CWE-79 CWE-94 Cross-site Scripting Code Injection | CVE-2026-9416 | 2026-05-30 00:16 | 2026-05-25 |
| 1070 | 4.8 | MEDIUM Network | - | - | A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This v… | CWE-444 HTTP Request Smuggling | CVE-2026-6324 | 2026-05-30 00:16 | 2026-05-29 |