|
371
|
- |
|
-
|
-
|
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2031
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
6.5 |
MEDIUM
Network
|
opnsense
|
opnsense
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa…
Update
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-44195
|
2026-05-16 01:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
9.8 |
CRITICAL
Network
|
apache
|
tomcat
|
Improper Input Validation vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-41293
|
2026-05-16 00:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
9.8 |
CRITICAL
Network
|
apache
|
tomcat
|
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fr…
Update
|
CWE-592
DEPRECATED: Authentication Bypass Issues
|
CVE-2026-43512
|
2026-05-16 00:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
7.5 |
HIGH
Network
|
espressif
|
arduino-esp32
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp…
Update
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-42855
|
2026-05-16 00:54 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 …
Update
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-43513
|
2026-05-16 00:53 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
9.1 |
CRITICAL
Network
|
apache
|
tomcat
|
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21,…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-43515
|
2026-05-16 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
Update
|
CWE-77
Command Injection
|
CVE-2026-44866
|
2026-05-16 00:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
5.9 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path han…
Update
|
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CVE-2026-44572
|
2026-05-16 00:46 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2022_23h2
windows_server_2025
|
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-41088
|
2026-05-16 00:45 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
