|
1161
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-51394
|
2026-05-14 03:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
5.0 |
MEDIUM
Network
|
-
|
-
|
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41195
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
- |
|
-
|
-
|
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified requ…
|
CWE-22
CWE-26
Path Traversal
Path Traversal: '/dir/../filename'
|
CVE-2026-42196
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
7.5 |
HIGH
Network
|
-
|
-
|
Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-f…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-44302
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
- |
|
-
|
-
|
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and th…
|
CWE-22
Path Traversal
|
CVE-2026-44307
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
5.3 |
MEDIUM
Network
|
-
|
-
|
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. Th…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44341
|
2026-05-14 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
- |
|
-
|
-
|
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
|
CWE-22
Path Traversal
|
CVE-2026-44301
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44245
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users…
|
CWE-20
Improper Input Validation
|
CVE-2026-2695
|
2026-05-14 03:10 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
7.5 |
HIGH
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\Xml) does not validate the ss:I…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40863
|
2026-05-14 03:01 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
