|
341
|
4.4 |
MEDIUM
Local
|
vmware
|
spring_cloud_config
|
When trace logging is enabled in Spring Cloud Config Server, sensitive information is written to the logs in plain text.
Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrad…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41004
|
2026-05-13 01:52 |
2026-05-07 |
|
342
|
8.8 |
HIGH
Network
|
nocobase
|
nocobase
|
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package co…
Update
|
CWE-89
SQL Injection
|
CVE-2026-41640
|
2026-05-13 01:51 |
2026-05-07 |
|
343
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42857
|
2026-05-13 01:50 |
2026-05-12 |
|
344
|
8.5 |
HIGH
Network
|
-
|
-
|
The Open edX Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42860
|
2026-05-13 01:50 |
2026-05-12 |
|
345
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host o…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-45179
|
2026-05-13 01:48 |
2026-05-11 |
|
346
|
7.5 |
HIGH
Network
|
-
|
-
|
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on ano…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-45180
|
2026-05-13 01:48 |
2026-05-11 |
|
347
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Net::CIDR::Lite versions before 0.24 for Perl do not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass.
Inputs containing a trailing newline or non-ASCII digit chara…
New
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-45190
|
2026-05-13 01:48 |
2026-05-11 |
|
348
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.
Mask forms like "/00" and "/01" pass validatio…
New
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-45191
|
2026-05-13 01:48 |
2026-05-11 |
|
349
|
7.5 |
HIGH
Network
|
-
|
-
|
XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.
A node name ending in the middle of a multi byte UT…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8177
|
2026-05-13 01:48 |
2026-05-11 |
|
350
|
6.5 |
MEDIUM
Network
|
-
|
-
|
WebDyne::Session versions through 2.075 for Perl generate the session id insecurely.
The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function…
New
|
CWE-338, CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG); Generation of Predictable Numbers or Identifiers
|
CVE-2026-5084
|
2026-05-13 01:48 |
2026-05-11 |