|
1981
|
8.1 |
HIGH
Network
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_…
|
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
|
CWE-416
Use After Free
|
CVE-2026-40415
|
2026-05-16 00:06 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1982
|
3.3 |
LOW
Local
|
microsoft
|
visual_studio_code
|
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
|
CWE-77
CWE-80
CWE-79
Command Injection
Basic XSS
Cross-site Scripting
|
CVE-2026-41611
|
2026-05-16 00:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1983
|
9.1 |
CRITICAL
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authoriza…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42032
|
2026-05-16 00:02 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1984
|
9.8 |
CRITICAL
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in or…
|
CWE-89
SQL Injection
|
CVE-2026-42031
|
2026-05-15 23:59 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1985
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoin…
|
CWE-352
Origin Validation Error
|
CVE-2026-41255
|
2026-05-15 23:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1986
|
7.4 |
HIGH
Network
|
okfn
|
ckan
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-sig…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41132
|
2026-05-15 23:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1987
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user inform…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45248
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1988
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc b…
|
CWE-506
Embedded Malicious Code
|
CVE-2026-8398
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1989
|
- |
|
-
|
-
|
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include
local files from t…
|
CWE-22
Path Traversal
|
CVE-2026-7182
|
2026-05-15 23:56 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1990
|
- |
|
-
|
-
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open…
|
CWE-20
Improper Input Validation
|
CVE-2026-42327
|
2026-05-15 23:55 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
