| 1181 | 8.2 | HIGH, Network | - | - | jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo… | CWE-22 (Path Traversal), CWE-200 (Information Exposure) | CVE-2026-42564 | 2026-05-14 02:31 | 2026-05-12 |
| 1182 | 9.8 | CRITICAL, Network | - | - | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.… | CWE-290 (Authentication Bypass by Spoofing), CWE-348 (Use of Less Trusted Source) | CVE-2026-44183 | 2026-05-14 02:31 | 2026-05-13 |
| 1183 | 7.8 | HIGH, Local | samsung | android | Improper export of Android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | NVD-CWE-Other | CVE-2026-21020 | 2026-05-14 02:30 | 2026-05-13 |
| 1184 | 6.8 | MEDIUM, Physical | samsung | android | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | NVD-CWE-noinfo | CVE-2026-21021 | 2026-05-14 02:29 | 2026-05-13 |
| 1185 | 5.5 | MEDIUM, Local | samsung | android | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | NVD-CWE-Other | CVE-2026-21022 | 2026-05-14 02:26 | 2026-05-13 |
| 1186 | 6.2 | MEDIUM, Local | - | - | OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory … | CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) | CVE-2026-41511 | 2026-05-14 02:26 | 2026-05-9 |
| 1187 | - | | - | - | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… | CWE-200 (Information Exposure) | CVE-2026-42865 | 2026-05-14 02:26 | 2026-05-12 |
| 1188 | - | | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) … | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-43995 | 2026-05-14 02:26 | 2026-05-12 |
| 1189 | 5.3 | MEDIUM, Network | - | - | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<p… | CWE-209 (Information Exposure Through an Error Message) | CVE-2026-44226 | 2026-05-14 02:26 | 2026-05-12 |
| 1190 | 8.4 | HIGH, Local | - | - | Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc… | CWE-121 (Stack-based Buffer Overflow) | CVE-2020-37221 | 2026-05-14 02:26 | 2026-05-14 |