|
2151
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…
|
CWE-89
SQL Injection
|
CVE-2026-44862
|
2026-05-15 03:41 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2152
|
6.5 |
MEDIUM
Network
|
liquidjs
|
liquidjs
|
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-41311
|
2026-05-15 03:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2153
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…
|
CWE-89
SQL Injection
|
CVE-2026-44863
|
2026-05-15 03:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2154
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…
|
CWE-89
SQL Injection
|
CVE-2026-44864
|
2026-05-15 03:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2155
|
6.5 |
MEDIUM
Network
|
argoproj
|
argo_workflows
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42183
|
2026-05-15 03:40 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2156
|
5.3 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory recor…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31245
|
2026-05-15 03:39 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2157
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrar…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31244
|
2026-05-15 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2158
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31243
|
2026-05-15 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2159
|
9.1 |
CRITICAL
Network
|
mem0
|
mem0
|
The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE r…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31242
|
2026-05-15 03:37 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2160
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by sp…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31241
|
2026-05-15 03:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
