|
161
|
- |
|
-
|
-
|
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
New
|
CWE-180
CWE-345
Incorrect Behavior Order: Validate Before Canonicalize
Insufficient Verification of Data Authenticity
|
CVE-2026-45022
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
8.8 |
HIGH
Network
|
-
|
-
|
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-44988
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
5.0 |
MEDIUM
Local
|
-
|
-
|
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-44972
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
7.5 |
HIGH
Network
|
-
|
-
|
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics en…
New
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-44902
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
- |
|
-
|
-
|
RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
New
|
CWE-80
Basic XSS
|
CVE-2026-44839
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
- |
|
-
|
-
|
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44838
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
- |
|
-
|
-
|
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authenticat…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44830
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44708
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
9.8 |
CRITICAL
Network
|
-
|
-
|
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invo…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44668
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety sca…
New
|
CWE-78
OS Command
|
CVE-2026-44444
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
