|
41
|
5.5 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
visionos
|
This issue was addressed with improved data protection. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
New
|
CWE-200
Information Exposure
|
CVE-2026-28958
|
2026-05-13 03:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
4.4 |
MEDIUM
Local
|
anthropic
|
claude_sdk_for_typescript
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-13 03:37 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
- |
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
- |
|
-
|
-
|
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5146
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
- |
|
-
|
-
|
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-44343
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role)…
New
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2026-44204
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and …
New
|
CWE-287
CWE-697
Improper Authentication
Incorrect Comparison
|
CVE-2026-44196
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy refl…
New
|
CWE-346
CWE-942
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-44184
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.…
New
|
CWE-290
CWE-348
Authentication Bypass by Spoofing
Use of Less Trusted Source
|
CVE-2026-44183
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
7.5 |
HIGH
Network
|
-
|
-
|
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a by…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-44167
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
