|
1161
|
5.6 |
MEDIUM
Network
|
dell
|
elastic_cloud_storage
objectscale
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica…
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2025-43992
|
2026-05-16 11:52 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-8581
|
2026-05-16 11:48 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
3.5 |
LOW
Network
|
-
|
-
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return…
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-45781
|
2026-05-16 11:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
5.5 |
MEDIUM
Local
|
microsoft
|
word
|
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41101
|
2026-05-16 11:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
5.5 |
MEDIUM
Local
|
microsoft
|
powerpoint
|
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
|
CWE-284
Improper Access Control
|
CVE-2026-41102
|
2026-05-16 11:08 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
9.1 |
CRITICAL
Network
|
microsoft
|
confluence_saml_sso
jira_saml_sso
|
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
|
CWE-303
NVD-CWE-Other
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-41103
|
2026-05-16 11:07 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
5.5 |
MEDIUM
Local
|
fortinet
|
forticlient
|
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-44278
|
2026-05-16 10:59 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
5.5 |
MEDIUM
Local
|
fortinet
|
fortitoken_mobile
|
A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta…
|
CWE-926
Improper Export of Android Application Components
|
CVE-2026-44279
|
2026-05-16 10:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
4.4 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
|
CWE-284
NVD-CWE-Other
Improper Access Control
|
CVE-2026-41100
|
2026-05-16 10:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
8.8 |
HIGH
Network
|
microsoft
|
data_formulator
|
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
|
CWE-94
Code Injection
|
CVE-2026-41094
|
2026-05-16 10:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
