|
1571
|
6.1 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44580
|
2026-05-15 03:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1572
|
7.5 |
HIGH
Network
|
-
|
-
|
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-46419
|
2026-05-15 03:31 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1573
|
- |
|
-
|
-
|
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44515
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1574
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-44514
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1575
|
8.6 |
HIGH
Network
|
-
|
-
|
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-29205
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1576
|
8.2 |
HIGH
Network
|
-
|
-
|
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-32992
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1577
|
4.7 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44581
|
2026-05-15 03:30 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1578
|
- |
|
-
|
-
|
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible t…
|
CWE-22
Path Traversal
|
CVE-2026-42598
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1579
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44520
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1580
|
- |
|
-
|
-
|
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44544
|
2026-05-15 03:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
