cve.li

Recent

CVE-2026-45088 | CWE-73, CWE-306, CWE-552

Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

Published 2026-05-27 by GitHub_M

CVE-2026-45087 | CWE-15, CWE-78, CWE-306

Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Published 2026-05-27 by GitHub_M

CVE-2026-45089 | CWE-73, CWE-306, CWE-434

Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode

Published 2026-05-27 by GitHub_M

CVE-2026-45090 | CWE-362, CWE-404

Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Published 2026-05-27 by GitHub_M

CVE-2026-42553 | CWE-20

Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Published 2026-05-27 by GitHub_M

CVE-2026-5509 | CWE-20

Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

Published 2026-05-27 by TPLink

CVE-2026-44345 | CWE-78

BentoML: Dockerfile command injection via docker.base_image

Published 2026-05-27 by GitHub_M

CVE-2026-44346 | CWE-78, CWE-94

BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml

Published 2026-05-27 by GitHub_M

CVE-2026-45081 | CWE-863

Frappe HR: Permission Bypass in HRMS Leave Details API

Published 2026-05-27 by GitHub_M

CVE-2026-44521 | CWE-89

elFinder: SQL Injection MySQL Volume Driver (elFinderVolumeMySQL)

Published 2026-05-27 by GitHub_M
