|
3431
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42883
|
2026-05-20 03:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3432
|
6.2 |
MEDIUM
Network
|
-
|
-
|
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/featur…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42045
|
2026-05-20 03:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3433
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8401
|
2026-05-20 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3434
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
|
CWE-20
CWE-79
CWE-119
Improper Input Validation
Cross-site Scripting
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8391
|
2026-05-20 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3435
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8388
|
2026-05-20 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3436
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-20 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3437
|
- |
|
-
|
-
|
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-6009
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3438
|
8.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-suppl…
|
CWE-79
CWE-434
CWE-646
Cross-site Scripting
Unrestricted Upload of File with Dangerous Type
Reliance on File Name or Extension of Externally-Supplied File
|
CVE-2026-45315
|
2026-05-20 03:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3439
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based …
|
CWE-22
CWE-287
Path Traversal
Improper Authentication
|
CVE-2026-36829
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3440
|
5.9 |
MEDIUM
Network
|
-
|
-
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-32134
|
2026-05-20 03:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
