|
1331
|
9.8 |
CRITICAL
Network
|
paloaltonetworks
siemens
|
pan-os
ruggedcom_ape1808_firmware
|
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code w…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-0300
|
2026-05-13 03:47 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1332
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS …
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28990
|
2026-05-13 03:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1333
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watch…
New
|
CWE-284
Improper Access Control
|
CVE-2026-28974
|
2026-05-13 03:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1334
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
|
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen.
New
|
CWE-284
Improper Access Control
|
CVE-2026-28965
|
2026-05-13 03:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1335
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
visionos
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-28964
|
2026-05-13 03:46 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1336
|
4.4 |
MEDIUM
Local
|
anthropic
|
claude_sdk_for_typescript
|
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in …
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41686
|
2026-05-13 03:37 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1337
|
- |
|
-
|
-
|
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-8368
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1338
|
4.2 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement p…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-43883
|
2026-05-13 03:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1339
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the de…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-43877
|
2026-05-13 03:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1340
|
- |
|
-
|
-
|
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21,…
New
|
CWE-285
Improper Authorization
|
CVE-2026-43515
|
2026-05-13 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
