|
131
|
6.5 |
MEDIUM
Network
|
microsoft
|
windows_server_2025
|
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-34350
|
2026-05-15 02:44 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
New
|
CWE-362
Race Condition
|
CVE-2026-34351
|
2026-05-15 02:44 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
6.1 |
MEDIUM
Network
|
postorius_project
|
postorius
|
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-44742
|
2026-05-15 02:42 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
8.5 |
HIGH
Network
|
n8n-mcp
|
n8n-mcp
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42449
|
2026-05-15 02:37 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
9.8 |
CRITICAL
Network
|
archivebox
|
archivebox
|
ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the craw…
Update
|
CWE-88
Argument Injection
|
CVE-2026-42601
|
2026-05-15 02:36 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
8.8 |
HIGH
Network
|
azuracast
|
azuracast
|
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42605
|
2026-05-15 02:34 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
8.8 |
HIGH
Network
|
azuracast
|
azuracast
|
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with…
Update
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-42606
|
2026-05-15 02:31 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
5.1 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allo…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62305
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
5.1 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62308
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
2.6 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62309
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
