| 201 | 6.2 | MEDIUM Local | - | - | Buffer overflow vulnerability in the Uncrustify project, affecting version Uncrustify_d-0.82.0-132-bcc41cbdc and fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc, allows a local attacker to cause a denial… New | CWE-120 Classic Buffer Overflow | CVE-2026-36189 | 2026-05-22 01:16 | 2026-05-22 |
| 202 | 6.5 | MEDIUM Network | - | - | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati… New | CWE-284 Improper Access Control | CVE-2026-2734 | 2026-05-22 01:08 | 2026-05-21 |
| 203 | 6.1 | MEDIUM Network | - | - | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanit… New | CWE-79 Cross-site Scripting | CVE-2026-30691 | 2026-05-22 01:08 | 2026-05-21 |
| 204 | 3.3 | LOW Local | - | - | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation or notification. If a URL to some malicious web p… New | CWE-357 Insufficient UI Warning of Dangerous Operations | CVE-2026-47782 | 2026-05-22 01:08 | 2026-05-21 |
| 205 | - | | - | - | XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Ma… New | CWE-23 Relative Path Traversal | CVE-2026-23734 | 2026-05-22 01:04 | 2026-05-21 |
| 206 | 6.1 | MEDIUM Network | - | - | CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted … New | CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output | CVE-2026-26028 | 2026-05-22 01:04 | 2026-05-21 |
| 207 | - | | - | - | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, … New | CWE-862 Missing Authorization | CVE-2026-33137 | 2026-05-22 01:04 | 2026-05-21 |
| 208 | 7.5 | HIGH Network | - | - | Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying has… New | CWE-208 Information Exposure Through Timing Discrepancy | CVE-2026-47373 | 2026-05-22 01:04 | 2026-05-21 |
| 209 | 5.4 | MEDIUM Network | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue p… New | CWE-79 Cross-site Scripting | CVE-2026-39960 | 2026-05-22 01:04 | 2026-05-21 |
| 210 | 7.5 | HIGH Network | - | - | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademli… New | CWE-252 Unchecked Return Value | CVE-2026-40092 | 2026-05-22 01:04 | 2026-05-21 |