📡 NVD-Latest · 2026-05-04 CVE-2026-7750 (CVSS 8.8) - A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerabil CVE-2026-7750 CVE-2026-7750 CVSS:8.8 A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST

📡 NVD-Latest · 2026-05-04 CVE-2026-24072 (CVSS 8.8) - An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earl CVE-2026-24072 CVE-2026-24072 CVSS:8.8 An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read

📡 NVD-Latest · 2026-05-04 CVE-2026-23918 (CVSS 8.8) - Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 CVE-2026-23918 CVE-2026-23918 CVSS:8.8 Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66.

📡 NVD-Latest · 2026-05-04 CVE-2026-40563 (CVSS 7.1) - Description: Improper Control of Generation of Code ('Code Injection') vulnerabi CVE-2026-40563 CVE-2026-40563 CVSS:7.1 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query

📡 NVD-Latest · 2026-05-05 CVE-2026-5100 (CVSS 7.5) - The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the CVE-2026-5100 CVE-2026-5100 CVSS:7.5 The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including,

📡 NVD-Latest · 2026-05-05 CVE-2026-3456 (CVSS 7.5) - The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation p CVE-2026-3456 CVE-2026-3456 CVSS:7.5 The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in

📡 NVD-Latest · 2026-05-05 CVE-2026-4803 (CVSS 7.2) - The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Si CVE-2026-4803 CVE-2026-4803 CVSS:7.2 The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta

📡 NVD-Latest · 2026-05-05 CVE-2026-34408 (CVSS 9.1) - An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4. CVE-2026-34408 CVE-2026-34408 CVSS:9.1 An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44456 - Hono: bodyLimit() can be bypassed for chunked / unknown-length requests CVE-2026-44456 GHSA-9vqf-7f2p-gf9v MEDIUM npm/hono CVE: CVE-2026-44456 Summary bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g. Transfer-Encoding: chunked). Oversized requests can reach handlers and return 200 instead of 413. Details For

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44455 - hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection CVE-2026-44455 GHSA-69xw-7hcm-h432 MEDIUM npm/hono CVE: CVE-2026-44455 Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input

📡 GitHub-Advisory · 2026-05-06 GHSA-qxrw-f6fh-34r7 - Lemmy resend-verification endpoint exposes registered email addresses to unauthe GHSA-qxrw-f6fh-34r7 MEDIUM rust/lemmy_api CVE: Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resend_verification_email and

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44439 - Playwright Capture permits access to local files and internal network resources CVE-2026-44439 GHSA-687h-xw6f-q2qw MEDIUM pip/PlaywrightCapture CVE: CVE-2026-44439 Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44437 - Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefi CVE-2026-44437 GHSA-69xr-m8h6-h664 MEDIUM npm/@angular/ssr CVE: CVE-2026-44437 Description A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots (%2e%

📡 GitHub-Advisory · 2026-05-06 GHSA-qcxq-75wr-5cm8 - ldap3_proto has LDAP Filter stack exhaustion GHSA-qcxq-75wr-5cm8 HIGH rust/ldap3_proto CVE: Impact LDAP queries are not validated for depth, which can cause the parser (both PEG and ASN) to exhaust the stack. This *may* cause a denial of service in applications that process queries.

📡 GitHub-Advisory · 2026-05-06 GHSA-84jc-3hj2-hwc7 - kanidmd_lib: Image upload validators run before authorization; PNG validator pan GHSA-84jc-3hj2-hwc7 MEDIUM rust/kanidmd_lib CVE: Summary The POST /v1/domain/_image and POST /v1/oauth2/{rs_name}/_image handlers call validate_image() on the uploaded body before the ACL check that restricts image upload

📡 GitHub-Advisory · 2026-05-06 GHSA-r5fr-9gmv-jggh - scim_proton and kanidm_proto have an authenticated process abort via SCIM filter GHSA-r5fr-9gmv-jggh HIGH rust/scim_proto CVE: Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent

📡 GitHub-Advisory · 2026-05-06 GHSA-53hj-r94p-8c8f - Kanidm has non-constant-time comparison of OAuth2 client_secret GHSA-53hj-r94p-8c8f LOW rust/kanidm CVE: Summary The kanidmd OAuth2 token-exchange (/oauth2/token) and token-introspection (/oauth2/token/introspect) endpoints compare the supplied client_secret against the stored secret using Rust's PartialEq on String, which short-circuits on the

📡 GitHub-Advisory · 2026-05-06 GHSA-gpxg-fx2g-qxj2 - Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → h GHSA-gpxg-fx2g-qxj2 MEDIUM rust/kanidm CVE: Summary The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline <script id="data"> element using the Askama |safe filter.

📡 GitHub-Advisory · 2026-05-06 GHSA-22w3-693w-x895 - webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible GHSA-22w3-693w-x895 LOW rust/webauthn-rs-core CVE: Summary webauthn-rs-core ([Relying Party][rp]) and webauthn-authenticator-rs ([client][]) checked that [an Origin in CollectedClientData][origin] is valid for [an RP ID][rpid] with [str::ends_with()][ends-with], [without checking for a dot (.) before the RP

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44425 - ShellHub has crash-DoS via field injection in filter and sort-by parameters CVE-2026-44425 GHSA-47r2-v3x6-wff9 MEDIUM go/github.com/shellhub-io/shellhub CVE: CVE-2026-44425 Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation:

📡 GitHub-Advisory · 2026-05-06 GHSA-cqmh-pcgr-q42f - @axonflow/openclaw fix introduces plugin cache and credential-file permission ha GHSA-cqmh-pcgr-q42f MEDIUM npm/@axonflow/openclaw CVE: Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44423 - ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH se CVE-2026-44423 GHSA-9w9c-9w8m-w89q MEDIUM go/github.com/shellhub-io/shellhub CVE: CVE-2026-44423 Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An

📡 GitHub-Advisory · 2026-05-06 CVE-2026-44424 - ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device CVE-2026-44424 GHSA-j72x-xfwg-783f MEDIUM go/github.com/shellhub-io/shellhub CVE: CVE-2026-44424 Summary GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller&

📡 GitHub-Advisory · 2026-05-06 GHSA-248h-974q-xrc2 - axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, pr GHSA-248h-974q-xrc2 MEDIUM maven/com.getaxonflow:axonflow-sdk CVE: Summary The AxonFlow SDK's WebhookSubscription (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the

📡 GitHub-Advisory · 2026-05-06 GHSA-mhc4-qq83-fmrr - axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, prev GHSA-mhc4-qq83-fmrr MEDIUM go/github.com/getaxonflow/axonflow-sdk-go/v5 CVE: Summary The AxonFlow SDK's WebhookSubscription (or equivalent) type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access