|
2351
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when re…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42245
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2352
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#startt…
|
CWE-392
CWE-393
CWE-636
CWE-754
CWE-841
Missing Report of Error Condition
Return of Wrong Status Code
Not Failing Securely ('Failing Open')
Improper Check for Unusual or Exceptional Conditions
Improper Enforcement of Behavioral Workflow
|
CVE-2026-42246
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2353
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating…
|
CWE-770
CWE-1322
Allocation of Resources Without Limits or Throttling
Use of Blocking Code in Single-threaded, Non-blocking Context
|
CVE-2026-42256
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2354
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42257
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2355
|
- |
|
-
|
-
|
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection…
|
CWE-77
CWE-93
Command Injection
CRLF Injection
|
CVE-2026-42258
|
2026-05-14 00:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2356
|
8.0 |
HIGH
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Fi…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41431
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2357
|
2.4 |
LOW
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r…
|
CWE-20
Improper Input Validation
|
CVE-2026-44658
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2358
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-44659
|
2026-05-14 00:37 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2359
|
- |
|
-
|
-
|
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections …
|
CWE-502
CWE-918
Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)
|
CVE-2026-3048
|
2026-05-14 00:36 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2360
|
- |
|
-
|
-
|
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via …
|
CWE-79
Cross-site Scripting
|
CVE-2026-7308
|
2026-05-14 00:36 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
