|
3031
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3032
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi…
|
CWE-330
CWE-338
Use of Insufficiently Random Values
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41505
|
2026-05-8 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3033
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
|
CWE-79
Cross-site Scripting
|
CVE-2026-36358
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3034
|
8.3 |
HIGH
Network
|
-
|
-
|
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, S…
|
CWE-89
SQL Injection
|
CVE-2026-41490
|
2026-05-8 00:50 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3035
|
5.5 |
MEDIUM
Local
|
-
|
-
|
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42146
|
2026-05-8 00:50 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3036
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A rem…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42011
|
2026-05-8 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3037
|
8.3 |
HIGH
Network
|
-
|
-
|
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL lite…
|
CWE-89
SQL Injection
|
CVE-2026-41422
|
2026-05-8 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3038
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell comma…
|
CWE-78
OS Command
|
CVE-2026-42076
|
2026-05-8 00:46 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3039
|
5.2 |
MEDIUM
Local
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all Ja…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42077
|
2026-05-8 00:46 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3040
|
7.7 |
HIGH
Network
|
-
|
-
|
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41688
|
2026-05-8 00:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
