| 1261 | 8.5 | HIGH Network | openstack | keystone | An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica… [Update] | CWE-863 Incorrect Authorization | CVE-2026-43001 | 2026-05-5 03:25 | 2026-05-1 |
| 1262 | 7.8 | HIGH Local | zhinst | labone_q | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted… [Update] | CWE-502 Deserialization of Untrusted Data | CVE-2026-7584 | 2026-05-5 03:23 | 2026-05-1 |
| 1263 | 9.8 | CRITICAL Network | bitwarden | cli | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. [Update] | CWE-78 CWE-94 OS Command Code Injection | CVE-2026-42994 | 2026-05-5 03:23 | 2026-05-1 |
| 1264 | 6.5 | MEDIUM Network | apple | container | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3. [Update] | CWE-522 Insufficiently Protected Credentials | CVE-2026-28909 | 2026-05-5 03:22 | 2026-05-1 |
| 1265 | 8.8 | HIGH Network | hkuds | openharness | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta… [Update] | CWE-78 OS Command | CVE-2026-7551 | 2026-05-5 03:22 | 2026-05-1 |
| 1266 | 8.1 | HIGH Network | langflow | langflow | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an… [Update] | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-6542 | 2026-05-5 03:21 | 2026-05-1 |
| 1267 | 9.8 | CRITICAL Network | progress | moveit_automation | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from… [Update] | CWE-305 Authentication Bypass by Primary Weakness | CVE-2026-4670 | 2026-05-5 03:20 | 2026-05-1 |
| 1268 | 8.8 | HIGH Network | - | - | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. [Update] | CWE-611 XXE | CVE-2026-36765 | 2026-05-5 03:16 | 2026-05-1 |
| 1269 | 8.8 | HIGH Network | - | - | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi… [Update] | CWE-22 Path Traversal | CVE-2026-36762 | 2026-05-5 03:16 | 2026-05-1 |
| 1270 | 7.5 | HIGH Network | - | - | Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. [New] | CWE-126 Buffer Over-read | CVE-2026-34059 | 2026-05-5 03:16 | 2026-05-4 |