|
1301
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A rem…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42011
|
2026-05-8 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1302
|
- |
|
-
|
-
|
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac…
|
CWE-93
CRLF Injection
|
CVE-2026-39849
|
2026-05-8 00:48 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1303
|
8.3 |
HIGH
Network
|
-
|
-
|
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL lite…
|
CWE-89
SQL Injection
|
CVE-2026-41422
|
2026-05-8 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1304
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell comma…
|
CWE-78
OS Command
|
CVE-2026-42076
|
2026-05-8 00:46 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1305
|
5.2 |
MEDIUM
Local
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all Ja…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42077
|
2026-05-8 00:46 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1306
|
7.7 |
HIGH
Network
|
-
|
-
|
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41688
|
2026-05-8 00:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1307
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-42090
|
2026-05-8 00:44 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1308
|
8.1 |
HIGH
Network
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary…
|
CWE-22
Path Traversal
|
CVE-2026-42075
|
2026-05-8 00:43 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1309
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/…
|
CWE-285
Improper Authorization
|
CVE-2026-41572
|
2026-05-8 00:43 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1310
|
6.5 |
MEDIUM
Network
|
-
|
-
|
titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr…
|
CWE-200
Information Exposure
|
CVE-2026-42092
|
2026-05-8 00:43 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
