|
941
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorit…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-48710
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
942
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insu…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9312
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
943
|
7.4 |
HIGH
Local
|
-
|
-
|
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-49014
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
944
|
- |
|
-
|
-
|
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49017
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
945
|
- |
|
-
|
-
|
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42184
|
2026-05-30 01:19 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
946
|
- |
|
-
|
-
|
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such …
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-44378
|
2026-05-30 01:19 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
947
|
6.0 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42998
|
2026-05-30 01:19 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
948
|
7.5 |
HIGH
Network
|
-
|
-
|
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying…
|
CWE-22
Path Traversal
|
CVE-2026-32847
|
2026-05-30 01:19 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
949
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9957
|
2026-05-30 01:19 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
950
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font fi…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-9960
|
2026-05-30 01:18 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
