|
431
|
3.5 |
LOW
Network
|
-
|
-
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return…
New
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-45781
|
2026-05-16 11:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
4.4 |
MEDIUM
Network
|
-
|
-
|
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…
New
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-45736
|
2026-05-16 11:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
5.5 |
MEDIUM
Local
|
microsoft
|
word
|
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41101
|
2026-05-16 11:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
5.5 |
MEDIUM
Local
|
microsoft
|
powerpoint
|
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-41102
|
2026-05-16 11:08 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
9.1 |
CRITICAL
Network
|
microsoft
|
confluence_saml_sso
jira_saml_sso
|
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-303
NVD-CWE-Other
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-41103
|
2026-05-16 11:07 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
7.8 |
HIGH
Local
|
microsoft
|
office
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42831
|
2026-05-16 11:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
5.5 |
MEDIUM
Local
|
microsoft
|
excel
office
word
|
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-42832
|
2026-05-16 11:03 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
5.5 |
MEDIUM
Local
|
fortinet
|
forticlient
|
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at…
Update
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-44278
|
2026-05-16 10:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
5.5 |
MEDIUM
Local
|
fortinet
|
fortitoken_mobile
|
A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta…
Update
|
CWE-926
Improper Export of Android Application Components
|
CVE-2026-44279
|
2026-05-16 10:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
4.4 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-Other
Improper Access Control
|
CVE-2026-41100
|
2026-05-16 10:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
