|
4701
|
6.2 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41614
|
2026-05-14 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4702
|
7.5 |
HIGH
Network
|
haxx
|
curl
|
Using libcurl, when a custom `Host:` header is first set for an HTTP request
and a second request is subsequently done using the same *easy handle* but
without the custom `Host:` header set, the seco…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-6276
|
2026-05-14 23:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4703
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, libcurl could leak the password used for the first host to the
followed-to host under certain circumstances.
|
NVD-CWE-noinfo
|
CVE-2026-6429
|
2026-05-14 23:18 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4704
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
When curl is told to use the Certificate Status Request TLS extension, often
referred to as *OCSP stapling*, to verify that the server certificate is
valid, it fails to detect OCSP problems and inste…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-7009
|
2026-05-14 23:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4705
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts wit…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-45109
|
2026-05-14 23:14 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4706
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
Successfully using libcurl to do a transfer over a specific HTTP proxy
(`proxyA`) with **Digest** authentication and then changing the proxy host to
a second one (`proxyB`) for a second transfer, reu…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-7168
|
2026-05-14 23:12 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4707
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
|
CWE-358
CWE-693
Improperly Implemented Security Check for Standard
Protection Mechanism Failure
|
CVE-2026-28914
|
2026-05-14 23:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4708
|
7.8 |
HIGH
Local
|
apple
|
macos
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able …
|
CWE-22
Path Traversal
|
CVE-2026-28915
|
2026-05-14 23:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4709
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
visionos
watchos
|
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5,…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-28943
|
2026-05-14 23:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4710
|
5.5 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watc…
|
CWE-362
Race Condition
|
CVE-2026-28996
|
2026-05-14 23:01 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
