|
5051
|
5.0 |
MEDIUM
Network
|
-
|
-
|
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41195
|
2026-05-19 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5052
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBas…
|
CWE-200
Information Exposure
|
CVE-2026-39079
|
2026-05-19 01:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5053
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…
|
CWE-94
Code Injection
|
CVE-2025-67031
|
2026-05-19 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5054
|
5.5 |
MEDIUM
Adjacent
|
google
|
chrome
|
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
|
CWE-284
Improper Access Control
|
CVE-2026-8586
|
2026-05-19 00:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5055
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-46356
|
2026-05-19 00:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5056
|
6.5 |
MEDIUM
Network
|
webpack.js
|
webpack-dev-server
|
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-6402
|
2026-05-19 00:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5057
|
5.3 |
MEDIUM
Network
|
-
|
-
|
### Summary
`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8723
|
2026-05-19 00:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5058
|
7.8 |
HIGH
Local
|
amd
|
radeon_software
cleanup_utility
|
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-36333
|
2026-05-19 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5059
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…
|
CWE-89
CWE-121
SQL Injection
Stack-based Buffer Overflow
|
CVE-2026-6637
|
2026-05-19 00:05 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5060
|
4.3 |
MEDIUM
Network
|
postgresql
|
postgresql
|
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain…
|
CWE-126
Buffer Over-read
|
CVE-2026-6575
|
2026-05-19 00:04 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
