|
951
|
8.1 |
HIGH
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management …
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-43640
|
2026-05-16 12:04 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
9.1 |
CRITICAL
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide…
|
CWE-862
Missing Authorization
|
CVE-2026-43639
|
2026-05-16 12:04 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
5.4 |
MEDIUM
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz…
|
CWE-862
Missing Authorization
|
CVE-2026-43638
|
2026-05-16 11:55 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
5.6 |
MEDIUM
Network
|
dell
|
elastic_cloud_storage
objectscale
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica…
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2025-43992
|
2026-05-16 11:52 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-8581
|
2026-05-16 11:48 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
3.5 |
LOW
Network
|
-
|
-
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return…
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-45781
|
2026-05-16 11:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
5.5 |
MEDIUM
Local
|
microsoft
|
word
|
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41101
|
2026-05-16 11:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
5.5 |
MEDIUM
Local
|
microsoft
|
powerpoint
|
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41102
|
2026-05-16 11:08 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
9.1 |
CRITICAL
Network
|
microsoft
|
confluence_saml_sso
jira_saml_sso
|
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
|
CWE-303
NVD-CWE-Other
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-41103
|
2026-05-16 11:07 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
5.5 |
MEDIUM
Local
|
fortinet
|
forticlient
|
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-44278
|
2026-05-16 10:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
