|
1541
|
- |
|
-
|
-
|
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review …
|
CWE-863
Incorrect Authorization
|
CVE-2026-2725
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1542
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.
|
CWE-94
Code Injection
|
CVE-2025-65719
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1543
|
- |
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvide…
|
CWE-285
CWE-668
Improper Authorization
Exposure of Resource to Wrong Sphere
|
CVE-2026-42875
|
2026-05-14 01:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1544
|
4.9 |
MEDIUM
Network
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSec…
|
CWE-285
Improper Authorization
|
CVE-2026-42876
|
2026-05-14 01:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1545
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8290
|
2026-05-14 01:11 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1546
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8267
|
2026-05-14 01:10 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1547
|
- |
|
-
|
-
|
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted app…
|
CWE-601
Open Redirect
|
CVE-2026-41513
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1548
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, req…
|
CWE-94
Code Injection
|
CVE-2026-44262
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1549
|
7.5 |
HIGH
Network
|
-
|
-
|
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…
|
CWE-400
CWE-405
Uncontrolled Resource Consumption
Asymmetric Resource Consumption (Amplification)
|
CVE-2026-44296
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1550
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious …
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-42156
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
