|
441
|
- |
|
-
|
-
|
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host …
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-29199
|
2026-05-4 16:15 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a …
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7735
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. S…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7734
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpo…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7733
|
2026-05-4 15:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transf…
New
|
CWE-74
CWE-94
Injection
Code Injection
|
CVE-2026-7669
|
2026-05-4 15:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This …
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7714
|
2026-05-4 10:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7713
|
2026-05-4 09:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss…
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-7712
|
2026-05-4 09:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7711
|
2026-05-4 09:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…
New
|
CWE-287
Improper Authentication
|
CVE-2026-7710
|
2026-05-4 09:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
