|
4461
|
9.8 |
CRITICAL
Network
|
libexpat_project
|
libexpat
|
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this…
|
CWE-331
Insufficient Entropy
|
CVE-2026-7210
|
2026-05-16 12:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4462
|
8.1 |
HIGH
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management …
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-43640
|
2026-05-16 12:04 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4463
|
9.1 |
CRITICAL
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide…
|
CWE-862
Missing Authorization
|
CVE-2026-43639
|
2026-05-16 12:04 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4464
|
5.4 |
MEDIUM
Network
|
bitwarden
|
server
|
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz…
|
CWE-862
Missing Authorization
|
CVE-2026-43638
|
2026-05-16 11:55 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4465
|
5.6 |
MEDIUM
Network
|
dell
|
elastic_cloud_storage
objectscale
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica…
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2025-43992
|
2026-05-16 11:52 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4466
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-8581
|
2026-05-16 11:48 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4467
|
3.5 |
LOW
Network
|
-
|
-
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return…
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-45781
|
2026-05-16 11:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4468
|
5.5 |
MEDIUM
Local
|
microsoft
|
word
|
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41101
|
2026-05-16 11:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4469
|
5.5 |
MEDIUM
Local
|
microsoft
|
powerpoint
|
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41102
|
2026-05-16 11:08 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4470
|
9.1 |
CRITICAL
Network
|
microsoft
|
confluence_saml_sso
jira_saml_sso
|
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
|
CWE-303
NVD-CWE-Other
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-41103
|
2026-05-16 11:07 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
