|
671
|
- |
|
-
|
-
|
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-4827
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
7.7 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44738
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
2.5 |
LOW
Local
|
-
|
-
|
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
New
|
CWE-415
Double Free
|
CVE-2026-44348
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
- |
|
-
|
-
|
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-42881
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
8.1 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existi…
Update
|
CWE-269
CWE-285
CWE-639
CWE-837
Improper Privilege Management
Improper Authorization
Authorization Bypass Through User-Controlled Key
Improper Enforcement of a Single, Unique Action
|
CVE-2026-42609
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers…
New
|
CWE-73
CWE-918
External Control of File Name or Path
Server-Side Request Forgery (SSRF)
|
CVE-2026-42597
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
8.2 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42591
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
8.2 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t…
New
|
CWE-73
CWE-184
External Control of File Name or Path
Incomplete Blacklist
|
CVE-2026-40893
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
New
|
CWE-77
Command Injection
|
CVE-2026-44869
|
2026-05-15 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
1.8 |
LOW
Physics
|
-
|
-
|
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-30904
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
