|
691
|
- |
|
-
|
-
|
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44515
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…
New
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-44514
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
8.6 |
HIGH
Network
|
-
|
-
|
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-29205
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
8.2 |
HIGH
Network
|
-
|
-
|
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-32992
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
New
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-44919
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
8.8 |
HIGH
Network
|
-
|
-
|
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p…
New
|
CWE-94
Code Injection
|
CVE-2026-44513
|
2026-05-15 03:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
8.8 |
HIGH
Network
|
-
|
-
|
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hu…
New
|
CWE-94
Code Injection
|
CVE-2026-44827
|
2026-05-15 03:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
4.7 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44581
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
- |
|
-
|
-
|
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible t…
New
|
CWE-22
Path Traversal
|
CVE-2026-42598
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/…
New
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44520
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
