|
1641
|
8.1 |
HIGH
Network
|
pocket-id
|
pocket_id
|
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function (oidc_service.go) validates the refresh …
|
CWE-285
CWE-613
Improper Authorization
Insufficient Session Expiration
|
CVE-2026-43983
|
2026-05-14 07:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1642
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arb…
|
CWE-77
Command Injection
|
CVE-2026-44872
|
2026-05-14 07:42 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1643
|
7.5 |
HIGH
Network
|
webtechnologies
|
changedetection
|
changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) …
|
CWE-611
XXE
|
CVE-2026-41895
|
2026-05-14 07:39 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1644
|
5.5 |
MEDIUM
Local
|
jqlang
|
jq
|
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-43896
|
2026-05-14 07:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1645
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and …
|
CWE-1325
Improperly Controlled Sequential Memory Allocation
|
CVE-2026-8199
|
2026-05-14 07:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1646
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php.
This issue affects …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34095
|
2026-05-14 07:30 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1647
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE.
|
-
|
CVE-2026-40328
|
2026-05-14 07:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1648
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE.
|
-
|
CVE-2026-40327
|
2026-05-14 07:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1649
|
8.8 |
HIGH
Network
|
-
|
-
|
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
|
CWE-94
Code Injection
|
CVE-2026-29202
|
2026-05-14 07:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1650
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
|
CWE-23
Relative Path Traversal
|
CVE-2026-29201
|
2026-05-14 07:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
