|
711
|
- |
|
-
|
-
|
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other…
Update
|
CWE-754
CWE-863
Improper Check for Unusual or Exceptional Conditions
Incorrect Authorization
|
CVE-2026-42349
|
2026-05-14 01:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
712
|
- |
|
-
|
-
|
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development fea…
New
|
CWE-297
CWE-322
Improper Validation of Certificate with Host Mismatch
Key Exchange without Entity Authentication
|
CVE-2026-44467
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
713
|
- |
|
-
|
-
|
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Window…
New
|
CWE-59
CWE-269
Link Following
Improper Privilege Management
|
CVE-2026-44470
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
714
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), comma…
New
|
CWE-200
CWE-532
Information Exposure
Inclusion of Sensitive Information in Log Files
|
CVE-2026-44479
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
715
|
3.7 |
LOW
Network
|
-
|
-
|
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path han…
New
|
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CVE-2026-44572
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
716
|
9.1 |
CRITICAL
Network
|
-
|
-
|
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the …
Update
|
CWE-287
Improper Authentication
|
CVE-2026-42560
|
2026-05-14 01:58 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
717
|
8.8 |
HIGH
Network
|
-
|
-
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta…
Update
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-42603
|
2026-05-14 01:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
718
|
- |
|
-
|
-
|
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach t…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-42859
|
2026-05-14 01:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
719
|
6.1 |
MEDIUM
Network
|
-
|
-
|
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values contain…
New
|
CWE-91
Blind XPath Injection
|
CVE-2026-44664
|
2026-05-14 01:58 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
720
|
- |
|
-
|
-
|
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-591…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42339
|
2026-05-14 01:53 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
