|
6101
|
9.8 |
CRITICAL
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is …
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-43914
|
2026-05-14 04:35 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6102
|
7.8 |
HIGH
Local
|
adobe
|
after_effects
|
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34642
|
2026-05-14 04:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6103
|
7.8 |
HIGH
Local
|
adobe
|
after_effects
|
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34643
|
2026-05-14 04:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6104
|
7.8 |
HIGH
Local
|
adobe
|
after_effects
|
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Explo…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-34644
|
2026-05-14 04:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6105
|
6.5 |
MEDIUM
Network
|
haxx
|
curl
|
libcurl might in some circumstances reuse the wrong connection when asked to
do an authenticated HTTP(S) request after a Negotiate-authenticated one, when
both use the same host.
libcurl features a …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-5545
|
2026-05-14 04:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6106
|
8.1 |
HIGH
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flo…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43913
|
2026-05-14 04:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6107
|
5.3 |
MEDIUM
Network
|
leont
|
crypt\
|
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.
The auto-detect form of argon2_verify passes encoded_len - 1 as the…
|
CWE-126
CWE-191
Buffer Over-read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-8463
|
2026-05-14 04:23 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6108
|
6.8 |
MEDIUM
Physics
|
zte
|
zx297520v3_firmware
|
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40003
|
2026-05-14 04:19 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6109
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-40004
|
2026-05-14 04:17 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6110
|
- |
|
-
|
-
|
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git r…
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-45033
|
2026-05-14 04:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
