| 431 | 7.5 | HIGH Network | - | - | AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but … | Update | CWE-121 Stack-based Buffer Overflow | CVE-2026-42485 | 2026-05-6 05:24 | 2026-05-2 |
| 432 | 8.4 | HIGH Local | - | - | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | Update | CWE-121 Stack-based Buffer Overflow | CVE-2026-30363 | 2026-05-6 05:24 | 2026-05-2 |
| 433 | 6.1 | MEDIUM Network | - | - | wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. | New | CWE-79 Cross-site Scripting | CVE-2026-38669 | 2026-05-6 05:24 | 2026-05-5 |
| 434 | - | | - | - | Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ..… | New | CWE-79 Cross-site Scripting | CVE-2026-42052 | 2026-05-6 05:24 | 2026-05-5 |
| 435 | 7.5 | HIGH Network | - | - | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the w… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-7776 | 2026-05-6 05:24 | 2026-05-5 |
| 436 | - | | - | - | Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of th… | New | CWE-89 SQL Injection | CVE-2026-40329 | 2026-05-6 05:24 | 2026-05-6 |
| 437 | - | | - | - | Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the … | New | CWE-89 SQL Injection | CVE-2026-40330 | 2026-05-6 05:24 | 2026-05-6 |
| 438 | - | | - | - | Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altT… | New | CWE-89 SQL Injection | CVE-2026-40331 | 2026-05-6 05:24 | 2026-05-6 |
| 439 | 4.6 | MEDIUM Network | - | - | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This… | New | CWE-22 Path Traversal | CVE-2026-42078 | 2026-05-6 05:19 | 2026-05-5 |
| 440 | 8.6 | HIGH Local | - | - | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtin… | New | CWE-95 Eval Injection | CVE-2026-42079 | 2026-05-6 05:19 | 2026-05-5 |