|
4181
|
- |
|
-
|
-
|
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
|
CWE-22
Path Traversal
|
CVE-2026-44301
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4182
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44245
|
2026-05-14 03:14 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4183
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users…
|
CWE-20
Improper Input Validation
|
CVE-2026-2695
|
2026-05-14 03:10 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4184
|
7.5 |
HIGH
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\Xml) does not validate the ss:I…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40863
|
2026-05-14 03:01 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4185
|
8.8 |
HIGH
Network
|
dell
|
automation_platform
|
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading …
|
CWE-862
Missing Authorization
|
CVE-2026-32658
|
2026-05-14 03:00 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4186
|
5.7 |
MEDIUM
Network
|
kimai
|
kimai
|
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-42267
|
2026-05-14 02:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4187
|
9.1 |
CRITICAL
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPPars…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42264
|
2026-05-14 02:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4188
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-21015
|
2026-05-14 02:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4189
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
|
NVD-CWE-Other
|
CVE-2026-21016
|
2026-05-14 02:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4190
|
9.8 |
CRITICAL
Network
|
nhost
|
nhost\/auth
|
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. T…
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-41574
|
2026-05-14 02:46 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
