| 1291 | 7.5 | HIGH Network | microsoft | outlook | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | CWE-77 Command Injection | CVE-2026-42893 | 2026-05-14 03:37 | 2026-05-13 |
| 1292 | 8.7 | HIGH Network | adobe | commerce commerce_b2b magento | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-pr… | CWE-79 Cross-site Scripting | CVE-2026-34686 | 2026-05-14 03:37 | 2026-05-13 |
| 1293 | 6.1 | MEDIUM Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be dire… | CWE-74 Injection | CVE-2026-44455 | 2026-05-14 03:35 | 2026-05-14 |
| 1294 | 6.5 | MEDIUM Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-44456 | 2026-05-14 03:34 | 2026-05-14 |
| 1295 | 5.3 | MEDIUM Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: A… | CWE-524 Use of Cache Containing Sensitive Information | CVE-2026-44457 | 2026-05-14 03:34 | 2026-05-14 |
| 1296 | 4.3 | MEDIUM Network | hono | hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted inpu… | CWE-74 Injection; CWE-116 Improper Encoding or Escaping of Output | CVE-2026-44458 | 2026-05-14 03:32 | 2026-05-14 |
| 1297 | 5.7 | MEDIUM Network | - | - | Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1. | CWE-79 Cross-site Scripting | CVE-2026-41250 | 2026-05-14 03:31 | 2026-05-12 |
| 1298 | - | | - | - | Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open… | CWE-22 Path Traversal; CWE-73 External Control of File Name or Path | CVE-2026-42866 | 2026-05-14 03:31 | 2026-05-12 |
| 1299 | 10.0 | CRITICAL Network | - | - | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value i… | CWE-287 Improper Authentication; CWE-522 Insufficiently Protected Credentials; CWE-798 Use of Hard-coded Credentials | CVE-2026-42869 | 2026-05-14 03:31 | 2026-05-12 |
| 1300 | 3.7 | LOW Network | - | - | Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n se… | CWE-113 HTTP Response Splitting | CVE-2026-42874 | 2026-05-14 03:31 | 2026-05-12 |