|
1591
|
- |
|
-
|
-
|
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44371
|
2026-05-15 03:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1592
|
7.5 |
HIGH
Network
|
-
|
-
|
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-44375
|
2026-05-15 03:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1593
|
9.6 |
CRITICAL
Network
|
-
|
-
|
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app…
|
CWE-20
CWE-79
CWE-94
CWE-862
Improper Input Validation
Cross-site Scripting
Code Injection
Missing Authorization
|
CVE-2026-44482
|
2026-05-15 03:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1594
|
7.4 |
HIGH
Network
|
-
|
-
|
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a v…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-44511
|
2026-05-15 03:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1595
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
|
CWE-77
Command Injection
|
CVE-2026-44867
|
2026-05-15 03:19 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1596
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8292
|
2026-05-15 03:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1597
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8291
|
2026-05-15 03:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1598
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
|
CWE-77
Command Injection
|
CVE-2026-44868
|
2026-05-15 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1599
|
8.1 |
HIGH
Network
|
-
|
-
|
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke…
|
CWE-208
CWE-287
CWE-290
CWE-294
CWE-347
Information Exposure Through Timing Discrepancy
Improper Authentication
Authentication Bypass by Spoofing
Authentication Bypass by Capture-replay
Improper Verification of Cryptographic Signature
|
CVE-2026-42602
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1600
|
- |
|
-
|
-
|
The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he…
|
CWE-22
CWE-601
Path Traversal
Open Redirect
|
CVE-2026-44437
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
