|
6011
|
- |
|
-
|
-
|
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the …
|
CWE-89
SQL Injection
|
CVE-2026-40330
|
2026-05-6 05:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6012
|
- |
|
-
|
-
|
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altT…
|
CWE-89
SQL Injection
|
CVE-2026-40331
|
2026-05-6 05:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6013
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This…
|
CWE-22
Path Traversal
|
CVE-2026-42078
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6014
|
8.6 |
HIGH
Local
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtin…
|
CWE-95
Eval Injection
|
CVE-2026-42079
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6015
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched…
|
CWE-22
Path Traversal
|
CVE-2026-42080
|
2026-05-6 05:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6016
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipu…
|
CWE-22
Path Traversal
|
CVE-2026-7738
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6017
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7732
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6018
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Ha…
|
CWE-74
CWE-88
Injection
Argument Injection
|
CVE-2026-7725
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6019
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the compon…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-7701
|
2026-05-6 05:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6020
|
5.0 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endp…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7688
|
2026-05-6 05:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
