|
1211
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici…
New
|
CWE-770
CWE-789
Allocation of Resources Without Limits or Throttling
Memory Allocation with Excessive Size Value
|
CVE-2026-42189
|
2026-05-12 01:17 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1212
|
7.5 |
HIGH
Network
|
-
|
-
|
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-41311
|
2026-05-12 01:17 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1213
|
- |
|
-
|
-
|
Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3320
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1214
|
- |
|
-
|
-
|
Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3319
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1215
|
- |
|
-
|
-
|
Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf…
New
|
-
|
CVE-2026-31247
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1216
|
- |
|
-
|
-
|
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system…
New
|
-
|
CVE-2026-31246
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1217
|
6.4 |
MEDIUM
Adjacent
|
-
|
-
|
Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.…
New
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-9973
|
2026-05-12 01:17 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1218
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec…
New
|
-
|
CVE-2025-63750
|
2026-05-12 01:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1219
|
8.1 |
HIGH
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p…
Update
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-41654
|
2026-05-12 00:30 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1220
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-12 00:26 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
