|
751
|
9.3 |
CRITICAL
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including…
New
|
CWE-352
Origin Validation Error
|
CVE-2025-27851
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
5.0 |
MEDIUM
Local
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary Jav…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-27852
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
7.3 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-27853
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24710
|
2026-05-15 02:06 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
9.6 |
CRITICAL
Network
|
tanstack
|
tanstack\/arktype-adapter
tanstack\/eslint-plugin-router
tanstack\/eslint-plugin-start
tanstack\/history
tanstack\/nitro-v2-vite-plugin
tanstack\/react-router
tanstack\/react-router…
|
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate …
Update
|
CWE-506
Embedded Malicious Code
|
CVE-2026-45321
|
2026-05-15 02:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
Update
|
CWE-200
Information Exposure
|
CVE-2026-34087
|
2026-05-15 02:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
7.5 |
HIGH
Network
|
-
|
-
|
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42561
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
- |
|
-
|
-
|
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on t…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-44368
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
- |
|
-
|
-
|
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL…
New
|
CWE-89
SQL Injection
|
CVE-2026-44418
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
- |
|
-
|
-
|
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after…
New
|
CWE-601
Open Redirect
|
CVE-2026-44372
|
2026-05-15 01:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
