|
1341
|
7.5 |
HIGH
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded …
|
CWE-345
CWE-494
Insufficient Verification of Data Authenticity
Download of Code Without Integrity Check
|
CVE-2026-42575
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1342
|
7.5 |
HIGH
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target poi…
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-42574
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1343
|
- |
|
-
|
-
|
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escal…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42571
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1344
|
9.4 |
CRITICAL
Network
|
-
|
-
|
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been p…
|
CWE-284
CWE-306
CWE-862
Improper Access Control
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-42569
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1345
|
8.3 |
HIGH
Network
|
-
|
-
|
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use…
|
CWE-269
Improper Privilege Management
|
CVE-2026-42562
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1346
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42258
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1347
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42257
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1348
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating…
|
CWE-770
CWE-1322
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42256
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1349
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#startt…
|
CWE-392
CWE-393
CWE-636
CWE-754
CWE-841
Missing Report of Error Condition
Return of Wrong Status Code
Not Failing Securely ('Failing Open')
Improper Check for Unusual or Exceptional Conditions
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42246
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1350
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when re…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42245
|
2026-05-10 05:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
