|
3421
|
8.2 |
HIGH
Network
|
-
|
-
|
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44971
|
2026-06-2 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3422
|
6.2 |
MEDIUM
Local
|
-
|
-
|
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on …
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-42328
|
2026-06-2 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3423
|
8.8 |
HIGH
Network
|
-
|
-
|
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu…
|
CWE-89
SQL Injection
|
CVE-2026-44521
|
2026-06-2 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3424
|
- |
|
-
|
-
|
Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien…
|
CWE-20
Improper Input Validation
|
CVE-2026-42553
|
2026-06-2 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3425
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can byp…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35673
|
2026-06-2 03:23 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3426
|
5.0 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craft…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9980
|
2026-06-2 03:23 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3427
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliv…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35674
|
2026-06-2 03:22 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3428
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom…
|
CWE-200
Information Exposure
|
CVE-2026-9981
|
2026-06-2 03:22 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3429
|
6.5 |
MEDIUM
Network
|
-
|
-
|
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-44836
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3430
|
- |
|
-
|
-
|
eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurse…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44844
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
