|
1561
|
- |
|
-
|
-
|
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44515
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1562
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-44514
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1563
|
8.6 |
HIGH
Network
|
-
|
-
|
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-29205
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1564
|
8.2 |
HIGH
Network
|
-
|
-
|
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-32992
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1565
|
4.7 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44581
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1566
|
- |
|
-
|
-
|
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible t…
|
CWE-22
Path Traversal
|
CVE-2026-42598
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1567
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44520
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1568
|
- |
|
-
|
-
|
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44544
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1569
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint …
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-42572
|
2026-05-15 03:26 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1570
|
8.3 |
HIGH
Network
|
-
|
-
|
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expo…
|
CWE-1104
Use of Unmaintained Third Party Components
|
CVE-2026-21821
|
2026-05-15 03:24 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
