|
1381
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decryp…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41565
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1382
|
8.8 |
HIGH
Network
|
-
|
-
|
@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenati…
|
CWE-78
OS Command
|
CVE-2026-36044
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1383
|
7.3 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-30761
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1384
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.
|
CWE-20
Improper Input Validation
|
CVE-2026-30760
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1385
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to comma…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-10060
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1386
|
8.3 |
HIGH
Network
|
-
|
-
|
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-10017
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1387
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.
_dosToUnixTime() decodes the local-file-header last-modification da…
|
CWE-248
Uncaught Exception
|
CVE-2025-15649
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1388
|
7.1 |
HIGH
Network
|
-
|
-
|
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_promp…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-45134
|
2026-05-30 01:12 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1389
|
5.4 |
MEDIUM
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes block…
|
CWE-770
CWE-841
Allocation of Resources Without Limits or Throttling
Improper Enforcement of Behavioral Workflow
|
CVE-2026-45023
|
2026-05-30 01:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1390
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox vi…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9963
|
2026-05-30 01:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
