|
1481
|
4.7 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44581
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1482
|
- |
|
-
|
-
|
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible t…
|
CWE-22
Path Traversal
|
CVE-2026-42598
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1483
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44520
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1484
|
- |
|
-
|
-
|
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44544
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1485
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint …
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-42572
|
2026-05-15 03:26 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1486
|
8.3 |
HIGH
Network
|
-
|
-
|
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expo…
|
CWE-1104
Use of Unmaintained Third Party Components
|
CVE-2026-21821
|
2026-05-15 03:24 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1487
|
4.3 |
MEDIUM
Network
|
-
|
-
|
CWE-601 URL redirection to untrusted site ('open redirect')
|
CWE-601
Open Redirect
|
CVE-2026-45448
|
2026-05-15 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1488
|
3.8 |
LOW
Physics
|
-
|
-
|
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.
|
CWE-1300
Improper Protection of Physical Side Channels
|
CVE-2026-6923
|
2026-05-15 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1489
|
- |
|
-
|
-
|
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-6332
|
2026-05-15 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1490
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the r…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-45411
|
2026-05-15 03:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
