|
1901
|
5.3 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
|
CWE-78
OS Command
|
CVE-2026-44656
|
2026-05-14 22:59 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1902
|
5.3 |
MEDIUM
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44431
|
2026-05-14 22:56 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1903
|
4.4 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a cr…
|
CWE-78
OS Command
|
CVE-2026-42307
|
2026-05-14 22:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1904
|
5.3 |
MEDIUM
Network
|
redwoodjs
|
redwoodsdk
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-14 22:54 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1905
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operat…
|
CWE-94
Code Injection
|
CVE-2026-43680
|
2026-05-14 22:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1906
|
7.2 |
HIGH
Network
|
claris
|
filemaker_cloud
|
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External OD…
|
CWE-78
OS Command
|
CVE-2026-43685
|
2026-05-14 22:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1907
|
7.5 |
HIGH
Network
|
python
|
urllib3
|
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-44432
|
2026-05-14 22:49 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1908
|
5.9 |
MEDIUM
Network
|
haxx
|
curl
|
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SM…
|
CWE-295
CWE-319
Improper Certificate Validation
Cleartext Transmission of Sensitive Information
|
CVE-2026-4873
|
2026-05-14 22:45 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1909
|
5.4 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when s…
|
CWE-436
Interpretation Conflict
|
CVE-2026-44576
|
2026-05-14 22:44 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1910
|
5.9 |
MEDIUM
Network
|
haxx
|
curl
|
curl might erroneously pass on credentials for a first proxy to a second
proxy.
This can happen when the following conditions are true:
1. curl is setup to use specific different proxies for differ…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6253
|
2026-05-14 22:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
