|
401
|
6.5 |
MEDIUM
Network
|
pyload-ng_project
|
pyload-ng
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_…
Update
|
CWE-22
CWE-36
Path Traversal
Absolute Path Traversal
|
CVE-2026-42315
|
2026-05-15 23:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
5.5 |
MEDIUM
Local
|
microsoft
|
live_preview
|
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
Update
|
CWE-22
CWE-23
Path Traversal
Relative Path Traversal
|
CVE-2026-41612
|
2026-05-15 23:25 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
8.8 |
HIGH
Network
|
microsoft
|
visual_studio_code
|
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-78
CWE-384
OS Command
Session Fixation
|
CVE-2026-41613
|
2026-05-15 23:23 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
7.5 |
HIGH
Network
|
webtechnologies
|
changedetection
|
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vu…
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-43891
|
2026-05-15 23:20 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
New
|
CWE-284
Improper Access Control
|
CVE-2026-24711
|
2026-05-15 23:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
6.7 |
MEDIUM
Local
|
fortinet
|
fortiap
fortiap-w2
|
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versi…
Update
|
CWE-78
OS Command
|
CVE-2025-53870
|
2026-05-15 23:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
6.2 |
MEDIUM
Local
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-34688
|
2026-05-15 23:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
6.2 |
MEDIUM
Local
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-34680
|
2026-05-15 23:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
6.2 |
MEDIUM
Local
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-34679
|
2026-05-15 23:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
6.2 |
MEDIUM
Local
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34678
|
2026-05-15 23:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
