|
931
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44788
|
2026-05-30 01:25 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44353
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza…
Update
|
CWE-601
CWE-863
Open Redirect
Incorrect Authorization
|
CVE-2026-44681
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
7.5 |
HIGH
Network
|
-
|
-
|
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil…
Update
|
CWE-129
CWE-476
Improper Validation of Array Index
NULL Pointer Dereference
|
CVE-2026-45104
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
- |
|
-
|
-
|
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as t…
Update
|
CWE-250
CWE-271
CWE-426
Execution with Unnecessary Privileges
Privilege Dropping / Lowering Errors
Untrusted Search Path
|
CVE-2026-44477
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
9.6 |
CRITICAL
Network
|
-
|
-
|
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45323
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
8.3 |
HIGH
Network
|
-
|
-
|
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and …
New
|
CWE-94
CWE-346
CWE-749
CWE-940
Code Injection
Origin Validation Error
Exposed Dangerous Method or Function
Improper Verification of Source of a Communication Channel
|
CVE-2026-44698
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML pag…
New
|
CWE-416
Use After Free
|
CVE-2026-9956
|
2026-05-30 01:20 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
8.2 |
HIGH
Network
|
-
|
-
|
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44843
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
- |
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-44903
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
