|
81
|
6.8 |
MEDIUM
Network
|
-
|
-
|
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42291
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
9.8 |
CRITICAL
Network
|
gitpython_project
|
gitpython
|
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)…
New
|
CWE-88
Argument Injection
|
CVE-2026-42284
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
- |
|
-
|
-
|
Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check th…
New
|
CWE-601
Open Redirect
|
CVE-2026-42259
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
7.6 |
HIGH
Network
|
-
|
-
|
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the conte…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42224
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
- |
|
-
|
-
|
pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(…
New
|
CWE-195
CWE-918
Signed to Unsigned Conversion Error
Server-Side Request Forgery (SSRF)
|
CVE-2026-41682
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
7.9 |
HIGH
Local
|
-
|
-
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when …
New
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-41520
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
7.1 |
HIGH
Network
|
-
|
-
|
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an …
New
|
CWE-345
CWE-863
CWE-1188
Insufficient Verification of Data Authenticity
Incorrect Authorization
Insecure Default Initialization of Resource
|
CVE-2026-41432
|
2026-05-9 08:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
New
|
CWE-94
Code Injection
|
CVE-2026-36458
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service.
The decimal library does not bound the exponent on parsed input. Storing a decimal …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-32686
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot…
New
|
CWE-285
Improper Authorization
|
CVE-2026-30496
|
2026-05-9 08:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
