5

CVSS3.1

CVE-2026-22726 - Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route service that would allow it to send requests to HTTP services on internal networks reachabl…

📅 Published: April 30, 2026, 11:17 p.m. 🔄 Last Modified: May 4, 2026, 6:30 p.m.

4.7

CVSS3.1

CVE-2026-5404 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

📅 Published: April 30, 2026, 11:04 p.m. 🔄 Last Modified: May 2, 2026, 12:15 a.m.

7.8

CVSS3.1

CVE-2026-5403 - Heap-based Buffer Overflow in Wireshark

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

📅 Published: April 30, 2026, 11:04 p.m. 🔄 Last Modified: May 2, 2026, 8:15 a.m.

7

CVSS3.1

CVE-2026-5656 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

📅 Published: April 30, 2026, 11:03 p.m. 🔄 Last Modified: May 2, 2026, 3:55 a.m.

7.8

CVSS3.1

CVE-2026-5405 - Heap-based Buffer Overflow in Wireshark

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

📅 Published: April 30, 2026, 11:03 p.m. 🔄 Last Modified: May 4, 2026, 8:16 p.m.

5.3

CVSS4.0

CVE-2026-7510 - OWASP DefectDojo Benchmark/Engagement/Product/Survey authorization

A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publi…

📅 Published: April 30, 2026, 11 p.m. 🔄 Last Modified: May 1, 2026, 7:30 p.m.

5.3

CVSS4.0

CVE-2026-7508 - Bootstrap CMS Page Creation show.blade.php code injection

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible. T…

📅 Published: April 30, 2026, 10:45 p.m. 🔄 Last Modified: May 4, 2026, 1:26 p.m.

6.9

CVSS4.0

CVE-2026-7506 - SourceCodester Hotel Management System check SQL injection

A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the pub…

📅 Published: April 30, 2026, 10:30 p.m. 🔄 Last Modified: May 1, 2026, 2:21 p.m.

6.9

CVSS4.0

CVE-2026-7505 - nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.…

📅 Published: April 30, 2026, 10 p.m. 🔄 Last Modified: May 1, 2026, 9:24 p.m.

6.5

CVSS3.1

CVE-2026-28909 - Credential Exposure via Hostname Bypass Patterns in Apple Container

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

📅 Published: April 30, 2026, 10 p.m. 🔄 Last Modified: May 4, 2026, 6:22 p.m.