|
1291
|
3.4 |
LOW
Adjacent
|
-
|
-
|
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44405
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1292
|
- |
|
-
|
-
|
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network …
|
CWE-863
Incorrect Authorization
|
CVE-2026-39402
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1293
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1294
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi…
|
CWE-330
CWE-338
Use of Insufficiently Random Values
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41505
|
2026-05-8 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1295
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
|
CWE-79
Cross-site Scripting
|
CVE-2026-36358
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1296
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query str…
|
CWE-436
Interpretation Conflict
|
CVE-2026-30246
|
2026-05-8 00:52 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1297
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi…
|
CWE-287
Improper Authentication
|
CVE-2026-27960
|
2026-05-8 00:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1298
|
- |
|
-
|
-
|
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious reposi…
|
CWE-20
CWE-77
Improper Input Validation
Command Injection
|
CVE-2026-40068
|
2026-05-8 00:52 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1299
|
8.3 |
HIGH
Network
|
-
|
-
|
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, S…
|
CWE-89
SQL Injection
|
CVE-2026-41490
|
2026-05-8 00:50 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1300
|
5.5 |
MEDIUM
Local
|
-
|
-
|
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42146
|
2026-05-8 00:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
