|
1271
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by sp…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31241
|
2026-05-15 03:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1272
|
8.6 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to serve…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44578
|
2026-05-15 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1273
|
7.5 |
HIGH
Network
|
argoproj
|
argo_workflows
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42294
|
2026-05-15 03:34 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1274
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerab…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44579
|
2026-05-15 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1275
|
6.1 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44580
|
2026-05-15 03:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1276
|
7.5 |
HIGH
Network
|
-
|
-
|
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-46419
|
2026-05-15 03:31 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1277
|
- |
|
-
|
-
|
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44515
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1278
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-44514
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1279
|
8.6 |
HIGH
Network
|
-
|
-
|
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-29205
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1280
|
8.2 |
HIGH
Network
|
-
|
-
|
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-32992
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
