|
1581
|
6.5 |
MEDIUM
Network
|
warpgate_project
|
warpgate
|
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in…
|
CWE-352
Origin Validation Error
|
CVE-2026-44347
|
2026-05-14 23:27 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
8.1 |
HIGH
Network
|
microsoft
|
azure_monitor_action_group_notification_system
|
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41105
|
2026-05-14 23:27 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
6.5 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-42891
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1584
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
|
CWE-74
Injection
|
CVE-2026-42838
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1585
|
9.1 |
CRITICAL
Network
|
microsoft
|
dynamics_365
|
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
|
CWE-250
NVD-CWE-noinfo
Execution with Unnecessary Privileges
|
CVE-2026-42833
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
6.5 |
MEDIUM
Local
|
microsoft
|
azure_monitor_agent
|
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
CWE-426
Untrusted Search Path
|
CVE-2026-42830
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-42825
|
2026-05-14 23:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
9.9 |
CRITICAL
Network
|
microsoft
|
azure_logic_apps
|
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
|
CWE-284
Improper Access Control
|
CVE-2026-42823
|
2026-05-14 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
6.2 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41614
|
2026-05-14 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
Using libcurl, when a custom `Host:` header is first set for an HTTP request
and a second request is subsequently done using the same *easy handle* but
without the custom `Host:` header set, the seco…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-6276
|
2026-05-14 23:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
