|
2561
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-35439
|
2026-05-14 05:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2562
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-40365
|
2026-05-14 05:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2563
|
8.0 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40368
|
2026-05-14 05:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2564
|
7.5 |
HIGH
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected bo…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44289
|
2026-05-14 05:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2565
|
7.5 |
HIGH
Network
|
protobufjs_project
|
protobufjs
|
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-45740
|
2026-05-14 05:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2566
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40357
|
2026-05-14 05:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2567
|
9.6 |
CRITICAL
Network
|
ivanti
|
xtraction
|
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to …
|
CWE-73
External Control of File Name or Path
|
CVE-2026-8043
|
2026-05-14 05:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2568
|
5.0 |
MEDIUM
Local
|
-
|
-
|
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41051
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2569
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34684
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2570
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34683
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
