|
2501
|
8.1 |
HIGH
Network
|
artica
|
pandora_fms
|
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800
|
CWE-384
Session Fixation
|
CVE-2026-30808
|
2026-05-13 23:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2502
|
7.5 |
HIGH
Network
|
apple
|
macos
|
An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
|
CWE-200
CWE-269
Information Exposure
Improper Privilege Management
|
CVE-2026-28976
|
2026-05-13 23:35 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2503
|
8.8 |
HIGH
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its san…
|
CWE-284
Improper Access Control
|
CVE-2026-28978
|
2026-05-13 23:34 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2504
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34636
|
2026-05-13 23:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2505
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34637
|
2026-05-13 23:30 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2506
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro
|
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this …
|
CWE-416
Use After Free
|
CVE-2026-34638
|
2026-05-13 23:28 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2507
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A r…
|
CWE-843
Type Confusion
|
CVE-2026-28983
|
2026-05-13 23:22 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2508
|
6.5 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-elasticsearch
|
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the em…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41018
|
2026-05-13 23:22 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2509
|
5.9 |
MEDIUM
Local
|
-
|
-
|
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
|
-
|
CVE-2026-6815
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2510
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data d…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6146
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
