|
4161
|
7.5 |
HIGH
Network
|
-
|
-
|
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoc…
|
CWE-20
CWE-248
CWE-400
Improper Input Validation
Uncaught Exception
Uncontrolled Resource Consumption
|
CVE-2026-42544
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4162
|
10.0 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard …
|
CWE-94
Code Injection
|
CVE-2026-42288
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4163
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malici…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42157
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4164
|
5.0 |
MEDIUM
Network
|
-
|
-
|
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41195
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4165
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBas…
|
CWE-200
Information Exposure
|
CVE-2026-39079
|
2026-05-19 01:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4166
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…
|
CWE-94
Code Injection
|
CVE-2025-67031
|
2026-05-19 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4167
|
5.5 |
MEDIUM
Adjacent
|
google
|
chrome
|
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
|
CWE-284
Improper Access Control
|
CVE-2026-8586
|
2026-05-19 00:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4168
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-46356
|
2026-05-19 00:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4169
|
6.5 |
MEDIUM
Network
|
webpack.js
|
webpack-dev-server
|
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-6402
|
2026-05-19 00:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4170
|
5.3 |
MEDIUM
Network
|
-
|
-
|
### Summary
`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8723
|
2026-05-19 00:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
