| 191 | 8.8 HIGH Network | - | - | AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}… | New | CWE-22 Path Traversal | CVE-2026-42605 | 2026-05-12 01:17 | 2026-05-10 |
| 192 | - | - | - | ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the craw… | New | CWE-88 Argument Injection | CVE-2026-42601 | 2026-05-12 01:17 | 2026-05-10 |
| 193 | - | - | - | Quarkus OpenAPI Generator is a set of Quarkus extensions for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter … | New | CWE-200 Information Exposure | CVE-2026-42333 | 2026-05-12 01:17 | 2026-05-10 |
| 194 | - | - | - | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact re… | New | CWE-522 Insufficiently Protected Credentials | CVE-2026-42295 | 2026-05-12 01:17 | 2026-05-9 |
| 195 | - | - | - | SolidCAM-GPPL-IDE is an unofficial, independently developed Postprocessor IDE extension for SolidCAM. From version 1.0.0 to before version 1.0.2, opening a .gpp file in the SolidCAM Postprocessor ID… | New | CWE-400 Uncontrolled Resource Consumption, CWE-611 XXE, CWE-776 XML Entity Expansion | CVE-2026-42212 | 2026-05-12 01:17 | 2026-05-9 |
| 196 | 7.5 HIGH Network | - | - | Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici… | New | CWE-770 Allocation of Resources Without Limits or Throttling, CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-42189 | 2026-05-12 01:17 | 2026-05-9 |
| 197 | 7.5 HIGH Network | - | - | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo… | New | CWE-674 Uncontrolled Recursion | CVE-2026-41311 | 2026-05-12 01:17 | 2026-05-9 |
| 198 | 7.2 HIGH Network | - | - | Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e… | New | CWE-78 OS Command | CVE-2026-3828 | 2026-05-12 01:17 | 2026-05-9 |
| 199 | - | - | - | Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitat… | New | CWE-79 Cross-site Scripting | CVE-2026-3320 | 2026-05-12 01:17 | 2026-05-12 |
| 200 | - | - | - | Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploi… | New | CWE-79 Cross-site Scripting | CVE-2026-3319 | 2026-05-12 01:17 | 2026-05-12 |