0.0

CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packeโ€ฆ

๐Ÿ“… Published: May 8, 2026, 7:21 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 7:21 a.m.

2.9

CVSS3.1

CVE-2026-44928 -

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

๐Ÿ“… Published: May 8, 2026, 7:15 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 7:16 a.m.

2.9

CVSS3.1

CVE-2026-44927 -

In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

๐Ÿ“… Published: May 8, 2026, 7:13 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 7:15 a.m.

3

CVSS3.1

CVE-2026-44916 -

In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.

๐Ÿ“… Published: May 8, 2026, 6:38 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 6:38 a.m.

5.1

CVSS4.0

CVE-2026-8149 - GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2.

๐Ÿ“… Published: May 8, 2026, 6:01 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 6:01 a.m.

0.0

CVE-2026-4935 - SureTriggers < 1.1.23 โ€“ Unauthenticated SQLi

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

๐Ÿ“… Published: May 8, 2026, 6 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 6 a.m.

8.5

CVSS4.0

CVE-2026-8069 - PredatorSense V3: Local Privilege Escalation (LPE) vulnerability

PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrarโ€ฆ

๐Ÿ“… Published: May 8, 2026, 5:57 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 5:57 a.m.

0.0

CVE-2026-8148 -

NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.

๐Ÿ“… Published: May 8, 2026, 4:36 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 4:36 a.m.

8.7

CVSS4.0

CVE-2026-8138 - Tenda CX12L SetPptpServerCfgโ€ formSetPPTPServer stack-based overflow

A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfgโ€. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

๐Ÿ“… Published: May 8, 2026, 4:15 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 4:15 a.m.

8.7

CVSS4.0

CVE-2026-8137 - Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosโ€ฆ

๐Ÿ“… Published: May 8, 2026, 4 a.m. ๐Ÿ”„ Last Modified: May 8, 2026, 4 a.m.
Total resulsts: 348916
Page 2 of 34,892
ยซ previous page ยป next page
Filters