| 1421 | 9.8 | CRITICAL Network | - | - | Reserved. Details will be published at disclosure. | CWE-20: Improper Input Validation | CVE-2026-45392 | 2026-05-15 21:17 | 2026-05-12 |
| 1422 | 9.8 | CRITICAL Network | - | - | Reserved. Details will be published at disclosure. | CWE-20: Improper Input Validation | CVE-2026-45391 | 2026-05-15 21:17 | 2026-05-12 |
| 1423 | 9.6 | CRITICAL Network | - | - | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hi… | CWE-459: Incomplete Cleanup | CVE-2026-34263 | 2026-05-15 21:17 | 2026-05-12 |
| 1424 | - |  | - | - | Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. … | CWE-290: Authentication Bypass by Spoofing | CVE-2026-24899 | 2026-05-15 06:24 | 2026-05-15 |
| 1425 | 8.3 | HIGH Network | - | - | SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML wit… | CWE-79: Cross-site Scripting; CWE-94: Code Injection | CVE-2026-44586 | 2026-05-15 06:22 | 2026-05-15 |
| 1426 | 4.3 | MEDIUM Network | - | - | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly… | CWE-285: Improper Authorization; CWE-862: Missing Authorization | CVE-2026-45147 | 2026-05-15 06:22 | 2026-05-15 |
| 1427 | 6.5 | MEDIUM Network | hcltech | bigfix_webui_api bigfix_webui_application_administration bigfix_webui_cmep bigfix_webui_common bigfix_webui_content_app bigfix_webui_custom bigfix_webui_data_sync bigfix_webui_ex… | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)… | CWE-863: Incorrect Authorization | CVE-2025-15633 | 2026-05-15 05:28 | 2026-05-9 |
| 1428 | 4.3 | MEDIUM Network | hcltech | bigfix_webui_api bigfix_webui_application_administration bigfix_webui_cmep bigfix_webui_common bigfix_webui_content_app bigfix_webui_custom bigfix_webui_data_sync bigfix_webui_ex… | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized… | CWE-862: Missing Authorization | CVE-2025-15634 | 2026-05-15 05:28 | 2026-05-9 |
| 1429 | 7.8 | HIGH Local | python | pillow | Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code e… | CWE-190: Integer Overflow or Wraparound; CWE-787: Out-of-bounds Write | CVE-2026-42311 | 2026-05-15 05:27 | 2026-05-9 |
| 1430 | 7.6 | HIGH Network | - | - | Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted… | CWE-22: Path Traversal | CVE-2026-45225 | 2026-05-15 05:17 | 2026-05-13 |