|
4381
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31243
|
2026-05-15 03:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4382
|
9.1 |
CRITICAL
Network
|
mem0
|
mem0
|
The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE r…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31242
|
2026-05-15 03:37 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4383
|
6.5 |
MEDIUM
Network
|
mem0
|
mem0
|
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by sp…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-31241
|
2026-05-15 03:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4384
|
8.6 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to serve…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44578
|
2026-05-15 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4385
|
7.5 |
HIGH
Network
|
argoproj
|
argo_workflows
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42294
|
2026-05-15 03:34 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4386
|
7.5 |
HIGH
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerab…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44579
|
2026-05-15 03:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4387
|
6.1 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44580
|
2026-05-15 03:33 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4388
|
7.5 |
HIGH
Network
|
-
|
-
|
Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-46419
|
2026-05-15 03:31 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4389
|
- |
|
-
|
-
|
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44515
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4390
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A…
|
CWE-1385
Missing Origin Validation in WebSockets
|
CVE-2026-44514
|
2026-05-15 03:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
