|
561
|
8.1 |
HIGH
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flo…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-43913
|
2026-05-14 04:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
5.3 |
MEDIUM
Network
|
leont
|
crypt\
|
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.
The auto-detect form of argon2_verify passes encoded_len - 1 as the…
New
|
CWE-126
CWE-191
Buffer Over-read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-8463
|
2026-05-14 04:23 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
6.8 |
MEDIUM
Physics
|
zte
|
zx297520v3_firmware
|
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40003
|
2026-05-14 04:19 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-40004
|
2026-05-14 04:17 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
- |
|
-
|
-
|
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git r…
New
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-45033
|
2026-05-14 04:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
7.2 |
HIGH
Network
|
-
|
-
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
New
|
CWE-77
Command Injection
|
CVE-2026-44865
|
2026-05-14 04:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
- |
|
-
|
-
|
Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: This candidate is a duplicate of CVE-2026-40520. Notes: All CVE users should reference CVE-2026-40520 …
New
|
-
|
CVE-2026-41410
|
2026-05-14 04:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
6.5 |
MEDIUM
Network
|
-
|
-
|
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat…
New
|
CWE-89
SQL Injection
|
CVE-2026-37429
|
2026-05-14 04:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
6.5 |
MEDIUM
Network
|
-
|
-
|
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat…
New
|
CWE-89
SQL Injection
|
CVE-2026-37428
|
2026-05-14 04:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block
vsp_g130_firmware
vsp_g150_firmware
vsp_g350_firmware
vsp_g370_firmware
vsp_g700_firmware
vsp_g900_firmware
vsp_f350_firmware
vsp_f370_firmware
vs…
|
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi…
Update
|
CWE-94
Code Injection
|
CVE-2025-1978
|
2026-05-14 04:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
