|
1611
|
7.8 |
HIGH
Local
|
-
|
-
|
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-30905
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
7.8 |
HIGH
Local
|
-
|
-
|
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
CWE-426
Untrusted Search Path
|
CVE-2026-30906
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
5.4 |
MEDIUM
Network
|
-
|
-
|
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without …
|
CWE-79
Cross-site Scripting
|
CVE-2026-43644
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
3.7 |
LOW
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments t…
|
CWE-328
Use of Weak Hash
|
CVE-2026-44582
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
7.6 |
HIGH
Network
|
-
|
-
|
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-44516
|
2026-05-15 03:14 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
- |
|
-
|
-
|
The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redi…
|
CWE-601
Open Redirect
|
CVE-2026-44503
|
2026-05-15 03:13 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
- |
|
-
|
-
|
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, giv…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44504
|
2026-05-15 03:13 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.val…
|
CWE-94
Code Injection
|
CVE-2026-42555
|
2026-05-15 03:13 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…
|
CWE-77
Command Injection
|
CVE-2026-44870
|
2026-05-15 03:13 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, whic…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42159
|
2026-05-15 03:12 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
