| 1431 | - | | - | - | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvide… | CWE-285 Improper Authorization; CWE-668 Exposure of Resource to Wrong Sphere | CVE-2026-42875 | 2026-05-14 01:11 | 2026-05-12 |
| 1432 | 4.9 | MEDIUM Network | - | - | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSec… | CWE-285 Improper Authorization | CVE-2026-42876 | 2026-05-14 01:11 | 2026-05-12 |
| 1433 | 6.5 | MEDIUM Network | open5gs | open5gs | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | CWE-404 Improper Resource Shutdown or Release | CVE-2026-8290 | 2026-05-14 01:11 | 2026-05-11 |
| 1434 | 6.5 | MEDIUM Network | open5gs | open5gs | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | CWE-404 Improper Resource Shutdown or Release | CVE-2026-8267 | 2026-05-14 01:10 | 2026-05-11 |
| 1435 | - | | - | - | Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted app… | CWE-601 Open Redirect | CVE-2026-41513 | 2026-05-14 01:10 | 2026-05-13 |
| 1436 | 7.5 | HIGH Network | - | - | Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoc… | CWE-20 Improper Input Validation; CWE-248 Uncaught Exception; CWE-400 Uncontrolled Resource Consumption | CVE-2026-42544 | 2026-05-14 01:10 | 2026-05-13 |
| 1437 | - | | - | - | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry … | CWE-77 Command Injection | CVE-2026-44257 | 2026-05-14 01:10 | 2026-05-13 |
| 1438 | 9.4 | CRITICAL Network | - | - | Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, req… | CWE-94 Code Injection | CVE-2026-44262 | 2026-05-14 01:10 | 2026-05-13 |
| 1439 | 7.5 | HIGH Network | - | - | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe… | CWE-400 Uncontrolled Resource Consumption; CWE-405 Asymmetric Resource Consumption (Amplification) | CVE-2026-44296 | 2026-05-14 01:10 | 2026-05-13 |
| 1440 | 9.0 | CRITICAL Network | - | - | Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf… | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'); CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-41901 | 2026-05-14 01:10 | 2026-05-13 |