|
1181
|
6.2 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 2…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28977
|
2026-05-14 23:01 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
5.3 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
|
CWE-78
OS Command
|
CVE-2026-44656
|
2026-05-14 22:59 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
5.3 |
MEDIUM
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44431
|
2026-05-14 22:56 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
4.4 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a cr…
|
CWE-78
OS Command
|
CVE-2026-42307
|
2026-05-14 22:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
5.3 |
MEDIUM
Network
|
redwoodjs
|
redwoodsdk
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-14 22:54 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operat…
|
CWE-94
Code Injection
|
CVE-2026-43680
|
2026-05-14 22:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External OD…
|
CWE-78
OS Command
|
CVE-2026-43685
|
2026-05-14 22:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
7.5 |
HIGH
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-44432
|
2026-05-14 22:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
5.9 |
MEDIUM
Network
|
haxx
|
curl
|
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SM…
|
CWE-295
CWE-319
Improper Certificate Validation
Cleartext Transmission of Sensitive Information
|
CVE-2026-4873
|
2026-05-14 22:45 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
5.4 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when s…
|
CWE-436
Interpretation Conflict
|
CVE-2026-44576
|
2026-05-14 22:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
