|
1171
|
8.8 |
HIGH
Network
|
-
|
-
|
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42843
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxono…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42842
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
- |
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POS…
New
|
CWE-22
Path Traversal
|
CVE-2026-42608
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
4.3 |
MEDIUM
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL…
Update
|
CWE-200
CWE-639
Information Exposure
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42456
|
2026-05-12 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
- |
|
-
|
-
|
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other…
New
|
CWE-754
CWE-863
Improper Check for Unusual or Exceptional Conditions
Incorrect Authorization
|
CVE-2026-42349
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
- |
|
-
|
-
|
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-591…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42339
|
2026-05-12 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
6.5 |
MEDIUM
Network
|
-
|
-
|
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes…
Update
|
CWE-369
Divide By Zero
|
CVE-2026-42209
|
2026-05-12 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and …
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42199
|
2026-05-12 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
8.6 |
HIGH
Network
|
-
|
-
|
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded an…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-33362
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
7.5 |
HIGH
Network
|
-
|
-
|
In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversi…
New
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-33361
|
2026-05-12 02:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
