|
2061
|
9.1 |
CRITICAL
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPPars…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42264
|
2026-05-14 02:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2062
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-21015
|
2026-05-14 02:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2063
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
|
NVD-CWE-Other
|
CVE-2026-21016
|
2026-05-14 02:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2064
|
9.8 |
CRITICAL
Network
|
nhost
|
nhost\/auth
|
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. T…
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-41574
|
2026-05-14 02:46 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2065
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy refl…
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-44184
|
2026-05-14 02:32 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2066
|
6.7 |
MEDIUM
Local
|
samsung
|
android
|
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-21018
|
2026-05-14 02:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2067
|
- |
|
-
|
-
|
Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and d…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42856
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2068
|
4.3 |
MEDIUM
Network
|
-
|
-
|
@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient valida…
|
CWE-601
Open Redirect
|
CVE-2026-42565
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2069
|
8.2 |
HIGH
Network
|
-
|
-
|
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-42564
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2070
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.…
|
CWE-290
CWE-348
Authentication Bypass by Spoofing
Use of Less Trusted Source
|
CVE-2026-44183
|
2026-05-14 02:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
