|
491
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRo…
New
|
CWE-120
CWE-121
Classic Buffer Overflow
Stack-based Buffer Overflow
|
CVE-2024-48519
|
2026-05-14 22:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
9.8 |
CRITICAL
Network
|
artica
|
pandora_fms
|
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
Update
|
CWE-89
SQL Injection
|
CVE-2026-34187
|
2026-05-14 22:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
9.6 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). Th…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42048
|
2026-05-14 21:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorizatio…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-44575
|
2026-05-14 21:38 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
8.1 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to au…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-44574
|
2026-05-14 21:37 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based au…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44573
|
2026-05-14 21:24 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
7.5 |
HIGH
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44290
|
2026-05-14 21:23 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
8.1 |
HIGH
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by gene…
New
|
CWE-94
Code Injection
|
CVE-2026-44291
|
2026-05-14 21:22 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
6.6 |
MEDIUM
Local
|
-
|
-
|
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc…
Update
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-45130
|
2026-05-14 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
8.1 |
HIGH
Network
|
-
|
-
|
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42945
|
2026-05-14 11:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
