|
5281
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
|
NVD-CWE-Other
|
CVE-2026-21022
|
2026-05-14 02:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5282
|
6.2 |
MEDIUM
Local
|
-
|
-
|
OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41511
|
2026-05-14 02:26 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5283
|
- |
|
-
|
-
|
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated…
|
CWE-200
Information Exposure
|
CVE-2026-42865
|
2026-05-14 02:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5284
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43995
|
2026-05-14 02:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5285
|
8.4 |
HIGH
Local
|
-
|
-
|
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2020-37221
|
2026-05-14 02:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5286
|
- |
|
-
|
-
|
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization …
|
CWE-602
CWE-863
Client-Side Enforcement of Server-Side Security
Incorrect Authorization
|
CVE-2026-42160
|
2026-05-14 02:24 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5287
|
9.9 |
CRITICAL
Network
|
-
|
-
|
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = […
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-42864
|
2026-05-14 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5288
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-44305
|
2026-05-14 02:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5289
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
|
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
|
CWE-119
CWE-686
CWE-843
Incorrect Access of Indexable Resource ('Range Error')
Function Call With Incorrect Argument Type
Type Confusion
|
CVE-2026-8389
|
2026-05-14 02:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5290
|
8.8 |
HIGH
Local
|
apple
|
macos
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
|
CWE-284
Improper Access Control
|
CVE-2025-43524
|
2026-05-14 02:22 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
