|
881
|
7.4 |
HIGH
Network
|
-
|
-
|
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48501
|
2026-05-30 01:33 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
2.0 |
LOW
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only …
|
CWE-59
Link Following
|
CVE-2026-45403
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul…
|
CWE-78
OS Command
|
CVE-2026-44590
|
2026-05-30 01:32 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
8.0 |
HIGH
Network
|
-
|
-
|
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-37266
|
2026-05-30 01:32 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
- |
|
-
|
-
|
An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component
|
-
|
CVE-2026-37579
|
2026-05-30 01:32 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
- |
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti…
|
CWE-22
Path Traversal
|
CVE-2026-44593
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
7.5 |
HIGH
Network
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in…
|
CWE-22
Path Traversal
|
CVE-2026-44594
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
8.1 |
HIGH
Network
|
-
|
-
|
Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem…
|
CWE-22
Path Traversal
|
CVE-2026-44973
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
5.3 |
MEDIUM
Network
|
-
|
-
|
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an e…
|
CWE-203
CWE-208
Information Exposure Through Discrepancy
Information Exposure Through Timing Discrepancy
|
CVE-2026-45410
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter…
|
CWE-89
SQL Injection
|
CVE-2018-25398
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
