|
5491
|
- |
|
-
|
-
|
FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup co…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26978
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5492
|
6.5 |
MEDIUM
Network
|
-
|
-
|
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27737
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5493
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33052
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5494
|
7.5 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of…
|
CWE-400
CWE-459
CWE-770
Uncontrolled Resource Consumption
Incomplete Cleanup
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33232
|
2026-05-20 00:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5495
|
8.2 |
HIGH
Local
|
-
|
-
|
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows o…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-22810
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5496
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to r…
|
CWE-78
OS Command
|
CVE-2026-25244
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5497
|
7.0 |
HIGH
Local
|
-
|
-
|
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_…
|
CWE-378
Creation of Temporary File With Insecure Permissions
|
CVE-2026-4137
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5498
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-45492
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5499
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-8544
|
2026-05-19 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5500
|
3.1 |
LOW
Network
|
google
|
chrome
|
Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi…
|
CWE-119
CWE-284
Incorrect Access of Indexable Resource ('Range Error')
Improper Access Control
|
CVE-2026-8545
|
2026-05-19 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
