|
1371
|
9.1 |
CRITICAL
Network
|
-
|
-
|
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to…
|
CWE-287
CWE-326
CWE-1391
Improper Authentication
Inadequate Encryption Strength
Use of Weak Credentials
|
CVE-2026-44351
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1372
|
9.0 |
CRITICAL
Network
|
-
|
-
|
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42457
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1373
|
8.8 |
HIGH
Network
|
-
|
-
|
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not vali…
|
CWE-346
CWE-350
Origin Validation Error
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-42559
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1374
|
7.8 |
HIGH
Local
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
|
CWE-59
Link Following
|
CVE-2026-44471
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1375
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CV…
|
-
|
CVE-2026-7805
|
2026-05-15 02:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1376
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks…
|
CWE-123
Write-what-where Condition
|
CVE-2026-43284
|
2026-05-15 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1377
|
8.8 |
HIGH
Network
|
sentry
|
sentry
|
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…
|
CWE-94
Code Injection
|
CVE-2021-47935
|
2026-05-15 02:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1378
|
8.7 |
HIGH
Network
|
-
|
-
|
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33583
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1379
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.
cow_spdy:inflate/2 in cowlib…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-43970
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1380
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8466
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
