|
721
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
New
|
CWE-77
Command Injection
|
CVE-2026-44868
|
2026-05-15 03:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
8.1 |
HIGH
Network
|
-
|
-
|
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke…
New
|
CWE-208
CWE-287
CWE-290
CWE-294
CWE-347
Information Exposure Through Timing Discrepancy
Improper Authentication
Authentication Bypass by Spoofing
Authentication Bypass by Capture-replay
Improper Verification of Cryptographic Signature
|
CVE-2026-42602
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
- |
|
-
|
-
|
The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he…
New
|
CWE-22
CWE-601
Path Traversal
Open Redirect
|
CVE-2026-44437
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
- |
|
-
|
-
|
PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44439
|
2026-05-15 03:17 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
- |
|
-
|
-
|
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This ove…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44216
|
2026-05-15 03:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44374
|
2026-05-15 03:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.
Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.
The user parameter is not validated o…
New
|
CWE-78
OS Command
|
CVE-2026-8500
|
2026-05-15 03:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
- |
|
-
|
-
|
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
Update
|
CWE-331
Insufficient Entropy
|
CVE-2026-4827
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
7.7 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
Update
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44738
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
2.5 |
LOW
Local
|
-
|
-
|
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
New
|
CWE-415
Double Free
|
CVE-2026-44348
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
