|
6541
|
6.5 |
MEDIUM
Network
|
getoutline
|
outline
|
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A…
|
CWE-352
Origin Validation Error
|
CVE-2026-44695
|
2026-05-16 05:21 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6542
|
8.7 |
HIGH
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as grou…
|
CWE-285
Improper Authorization
|
CVE-2026-43912
|
2026-05-16 05:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6543
|
9.1 |
CRITICAL
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The end…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-45053
|
2026-05-16 05:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6544
|
6.1 |
MEDIUM
Network
|
-
|
-
|
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.p…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44376
|
2026-05-16 05:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6545
|
5.3 |
MEDIUM
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authentic…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-24000
|
2026-05-16 05:05 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6546
|
7.8 |
HIGH
Local
|
intel
|
quickassist_technology
|
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
|
CWE-20
Improper Input Validation
|
CVE-2026-20767
|
2026-05-16 05:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6547
|
7.8 |
HIGH
Local
|
intel
|
quickassist_technology
|
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with a…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20714
|
2026-05-16 05:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6548
|
5.5 |
MEDIUM
Local
|
intel
|
quickassist_technology
|
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-20914
|
2026-05-16 05:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6549
|
6.6 |
MEDIUM
Local
|
intel
|
quickassist_technology
|
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an…
|
CWE-20
Improper Input Validation
|
CVE-2026-20905
|
2026-05-16 05:05 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6550
|
5.5 |
MEDIUM
Local
|
intel
|
quickassist_technology
|
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic…
|
CWE-369
Divide By Zero
|
CVE-2026-20881
|
2026-05-16 05:04 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
