|
2041
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured…
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-42889
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2042
|
- |
|
-
|
-
|
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id …
|
CWE-93
CRLF Injection
|
CVE-2026-44217
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2043
|
9.0 |
CRITICAL
Network
|
-
|
-
|
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two dis…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44221
|
2026-05-14 03:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2044
|
- |
|
-
|
-
|
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authent…
|
CWE-424
Improper Protection of Alternate Path
|
CVE-2026-0237
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2045
|
- |
|
-
|
-
|
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on t…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-0263
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2046
|
- |
|
-
|
-
|
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (Do…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-0264
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2047
|
- |
|
-
|
-
|
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Servi…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-0265
|
2026-05-14 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2048
|
5.9 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42348
|
2026-05-14 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2049
|
6.5 |
MEDIUM
Local
|
-
|
-
|
OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryPro…
|
CWE-379
Creation of Temporary File in Directory with Incorrect Permissions
|
CVE-2026-42191
|
2026-05-14 03:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2050
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is cre…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42180
|
2026-05-14 03:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
