|
171
|
4.3 |
MEDIUM
Network
|
-
|
-
|
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…
New
|
CWE-862
Missing Authorization
|
CVE-2026-6667
|
2026-05-9 10:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-6666
|
2026-05-9 10:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
8.1 |
HIGH
Network
|
-
|
-
|
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6665
|
2026-05-9 10:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
7.5 |
HIGH
Network
|
-
|
-
|
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-6664
|
2026-05-9 10:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.
Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgra…
New
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41705
|
2026-05-9 10:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44313
|
2026-05-9 09:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
- |
|
-
|
-
|
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[li…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42455
|
2026-05-9 09:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
- |
|
-
|
-
|
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline…
New
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42278
|
2026-05-9 09:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
8.1 |
HIGH
Network
|
praison
|
praisonai
praisonaiagents
|
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine si…
New
|
CWE-89
SQL Injection
|
CVE-2026-41496
|
2026-05-9 09:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.…
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-8091
|
2026-05-9 08:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
