|
1261
|
9.9 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin expos…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43999
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1262
|
5.6 |
MEDIUM
Local
|
-
|
-
|
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-29338
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1263
|
7.3 |
HIGH
Network
|
-
|
-
|
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-55045
|
2026-05-15 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1264
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated S…
|
-
|
CVE-2026-8496
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1265
|
- |
|
-
|
-
|
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the cli…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2025-68420
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1266
|
- |
|
-
|
-
|
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elev…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2025-68421
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1267
|
- |
|
-
|
-
|
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1630
|
2026-05-15 01:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1268
|
- |
|
-
|
-
|
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and p…
|
CWE-79
Cross-site Scripting
|
CVE-2026-21730
|
2026-05-15 01:04 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1269
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-35415
|
2026-05-15 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1270
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-35416
|
2026-05-15 00:55 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
