|
201
|
3.7 |
LOW
Network
|
-
|
-
|
mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
New
|
CWE-158
Improper Neutralization of Null Byte or NUL Character
|
CVE-2026-43859
|
2026-05-4 16:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
- |
|
-
|
-
|
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-29200
|
2026-05-4 16:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
- |
|
-
|
-
|
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host …
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-29199
|
2026-05-4 16:15 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a …
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7735
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. S…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7734
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpo…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7733
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transf…
New
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7669
|
2026-05-4 15:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
6.1 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-7163
|
2026-05-4 15:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This …
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7714
|
2026-05-4 10:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7713
|
2026-05-4 09:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
