|
2191
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
|
CWE-77
Command Injection
|
CVE-2026-44868
|
2026-05-15 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2192
|
8.1 |
HIGH
Network
|
-
|
-
|
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke…
|
CWE-208
CWE-287
CWE-290
CWE-294
CWE-347
Information Exposure Through Timing Discrepancy
Improper Authentication
Authentication Bypass by Spoofing
Authentication Bypass by Capture-replay
Improper Verification of Cryptographic Signature
|
CVE-2026-42602
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2193
|
- |
|
-
|
-
|
The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he…
|
CWE-22
CWE-601
Path Traversal
Open Redirect
|
CVE-2026-44437
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2194
|
- |
|
-
|
-
|
PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44439
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2195
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44374
|
2026-05-15 03:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2196
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated o…
|
CWE-78
OS Command
|
CVE-2026-8500
|
2026-05-15 03:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2197
|
- |
|
-
|
-
|
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
|
CWE-331
Insufficient Entropy
|
CVE-2026-4827
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2198
|
7.7 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44738
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2199
|
2.5 |
LOW
Local
|
-
|
-
|
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
|
CWE-415
Double Free
|
CVE-2026-44348
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2200
|
- |
|
-
|
-
|
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-42881
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
