|
3891
|
- |
|
-
|
-
|
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
|
CWE-331
Insufficient Entropy
|
CVE-2026-4827
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3892
|
7.7 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-44738
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3893
|
2.5 |
LOW
Local
|
-
|
-
|
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
|
CWE-415
Double Free
|
CVE-2026-44348
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3894
|
- |
|
-
|
-
|
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-42881
|
2026-05-15 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3895
|
8.1 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existi…
|
CWE-269
CWE-285
CWE-639
CWE-837
Improper Privilege Management
Improper Authorization
Authorization Bypass Through User-Controlled Key
Improper Enforcement of a Single, Unique Action
|
CVE-2026-42609
|
2026-05-15 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3896
|
8.8 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…
|
CWE-77
Command Injection
|
CVE-2026-44869
|
2026-05-15 03:15 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3897
|
1.8 |
LOW
Physics
|
-
|
-
|
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-30904
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3898
|
7.8 |
HIGH
Local
|
-
|
-
|
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-30905
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3899
|
7.8 |
HIGH
Local
|
-
|
-
|
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
|
CWE-426
Untrusted Search Path
|
CVE-2026-30906
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3900
|
5.4 |
MEDIUM
Network
|
-
|
-
|
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without …
|
CWE-79
Cross-site Scripting
|
CVE-2026-43644
|
2026-05-15 03:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
