|
291
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz…
New
|
CWE-94
Code Injection
|
CVE-2026-44717
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
292
|
7.5 |
HIGH
Network
|
-
|
-
|
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-44714
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
293
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
New
|
CWE-129 CWE-390
Improper Validation of Array Index; Detection of Error Condition Without Action
|
CVE-2026-44310
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
294
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is r…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42596
|
2026-05-16 02:16 |
2026-05-15 |
|
|
|
|
295
|
8.2 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-42590
|
2026-05-16 02:16 |
2026-05-15 |
|
|
|
|
296
|
9.1 |
CRITICAL
Network
|
-
|
-
|
OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates databas…
New
|
CWE-94
Code Injection
|
CVE-2026-41258
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
297
|
- |
|
-
|
-
|
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. Whe…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-41181
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
298
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is proce…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-23695
|
2026-05-16 02:16 |
2026-05-16 |
|
|
|
|
299
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated u…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44423
|
2026-05-16 02:16 |
2026-05-14 |
|
|
|
|
300
|
7.5 |
HIGH
Network
|
zitadel
|
zitadel
|
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to pro…
New
|
CWE-90
LDAP Injection
|
CVE-2026-44671
|
2026-05-16 02:15 |
2026-05-15 |
|
|
|