CVE-2026-41965 - Apache Web Server Use-After-Free (UAF) Buffer Overflow
CVE ID :CVE-2026-41965
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.6 | MEDIUM
CVE-2026-41966 - "Microsoft Smart Sensing Service Authorization Bypass"
CVE ID :CVE-2026-41966
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.6 | MEDIUM
CVE-2026-41967 - "Adobe Manufacturability Design Module Permissions Vulnerability"
CVE ID :CVE-2026-41967
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.9 | MEDIUM
CVE-2026-41968 - "Qualtrics Design Module Unauthenticated Remote Access Vulnerability"
CVE ID :CVE-2026-41968
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.9 | MEDIUM
CVE-2026-41969 - Apache Airflow Permission Escalation
CVE ID :CVE-2026-41969
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2026-41970 - Apache Distributed File System Out-of-Bounds Write Vulnerability
CVE ID :CVE-2026-41970
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.8 | MEDIUM
CVE-2026-41971 - "Apache Security Control Module Permission Bypass"
CVE ID :CVE-2026-41971
Published : May 15, 2026, 10:16 a.m. | 2 hours, 47 minutes ago
Description :Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.5 | MEDIUM
CVE-2026-8454 - Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
CVE ID :CVE-2026-8454
Published : May 15, 2026, 12:17 p.m. | 46 minutes ago
Description :Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
Severity: 0.0 | NA
CVE-2026-8503 - Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
CVE ID :CVE-2026-8503
Published : May 15, 2026, 12:17 p.m. | 46 minutes ago
Description :Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predictable session ids could allow an attacker to gain access to systems. Note that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module. This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.
Severity: 0.0 | NA
CVE-2026-7182 - Path Traversal in Diagram
CVE ID :CVE-2026-7182
Published : May 15, 2026, 12:31 p.m. | 32 minutes ago
Description :Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1.
Severity: 9.2 | CRITICAL
CVE-2026-41552 - Path Traversal in PDF Export Module
CVE ID :CVE-2026-41552
Published : May 15, 2026, 12:31 p.m. | 32 minutes ago
Description :PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.
Severity: 9.2 | CRITICAL
CVE-2026-41553 - Remote Code Execution in PDF Export Module
CVE ID :CVE-2026-41553
Published : May 15, 2026, 12:31 p.m. | 32 minutes ago
Description :PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise. This issue was fixed in PDF Export Module version 0.7.6.
Severity: 10.0 | CRITICAL
CVE-2025-14972 - Insufficient DPA countermeasure reseeding
CVE ID :CVE-2025-14972
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability.
Severity: 4.1 | MEDIUM
CVE-2025-67437 - MedicarePlus Password Reset Privilege Escalation
CVE ID :CVE-2025-67437
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.
Severity: 0.0 | NA
CVE-2026-34253 - Vorbis-tools Ogg123 Buffer Underflow Vulnerability
CVE ID :CVE-2026-34253
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.
Severity: 8.2 | HIGH
CVE-2026-38728 - Nodemailer SMTP Denial of Service Vulnerability
CVE ID :CVE-2026-38728
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components.
Severity: 7.5 | HIGH
CVE-2026-39052 - Pamirs Oinone ScriptRunner Code Execution Vulnerability
CVE ID :CVE-2026-39052
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions.
Severity: 6.5 | MEDIUM
CVE-2026-39053 - Pamirs Oinone XXE File Disclosure/SSRF Vulnerability
CVE ID :CVE-2026-39053
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML(...) or ViewXmlUtils.fromXML(...), unsafe XML processing can lead to file disclosure or SSRF.
Severity: 0.0 | NA
CVE-2026-39054 - Pamirs Oinone Command Injection Vulnerability
CVE ID :CVE-2026-39054
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.
Severity: 7.3 | HIGH
CVE-2026-45736 - ws: Uninitialized memory disclosure
CVE ID :CVE-2026-45736
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
Severity: 4.4 | MEDIUM
CVE-2026-46483 - Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
CVE ID :CVE-2026-46483
Published : May 15, 2026, 3:16 p.m. | 1 hour, 48 minutes ago
Description :Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.
Severity: 3.6 | LOW