|
731
|
2.6 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary syst…
New
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2025-62317
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Update
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-45186
|
2026-05-15 02:20 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low …
New
|
CWE-779
Logging of Excessive Data
|
CVE-2026-20209
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform …
New
|
CWE-779
Logging of Excessive Data
|
CVE-2026-20210
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
8.6 |
HIGH
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system.…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-20224
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposed Keycloak management
service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug
information such as metrics and
health data. This issue affects Sym…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33584
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
3.8 |
LOW
Physics
|
-
|
-
|
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.…
New
|
CWE-233
Improper Handling of Parameters
|
CVE-2026-33585
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
9.1 |
CRITICAL
Network
|
-
|
-
|
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to…
New
|
CWE-287
CWE-326
CWE-1391
Improper Authentication
Inadequate Encryption Strength
Use of Weak Credentials
|
CVE-2026-44351
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
9.0 |
CRITICAL
Network
|
-
|
-
|
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulner…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42457
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
8.8 |
HIGH
Network
|
-
|
-
|
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not vali…
New
|
CWE-346
CWE-350
Origin Validation Error
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-42559
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
