|
4341
|
9.9 |
CRITICAL
Network
|
microsoft
|
dynamics_365_customer_insights
|
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
|
CWE-269
Improper Privilege Management
|
CVE-2026-33821
|
2026-05-16 03:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4342
|
6.5 |
MEDIUM
Network
|
distribution
|
distribution
|
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: fal…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41888
|
2026-05-16 03:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4343
|
7.5 |
HIGH
Network
|
mongoosejs
|
mongoose
|
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query…
|
CWE-74
Injection
|
CVE-2026-42334
|
2026-05-16 03:25 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4344
|
4.3 |
MEDIUM
Network
|
etcd
|
etcd
|
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44283
|
2026-05-16 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4345
|
8.8 |
HIGH
Network
|
-
|
-
|
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-29203
|
2026-05-16 03:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4346
|
9.1 |
CRITICAL
Network
|
gtsteffaniak
|
filebrowser_quantum
|
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allo…
|
CWE-22
Path Traversal
|
CVE-2026-44542
|
2026-05-16 03:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4347
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-23998
|
2026-05-16 03:08 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4348
|
8.8 |
HIGH
Network
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-43908
|
2026-05-16 03:07 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4349
|
8.8 |
HIGH
Network
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
|
CWE-125
CWE-190
CWE-787
Out-of-bounds Read
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-43909
|
2026-05-16 03:07 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4350
|
5.3 |
MEDIUM
Network
|
misp
|
misp
|
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or mo…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-44379
|
2026-05-16 02:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
