|
671
|
4.7 |
MEDIUM
Local
|
-
|
-
|
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently…
New
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2026-32848
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
5.3 |
MEDIUM
Local
|
oalders
|
www\
|
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.
With no explicit cache…
Update
|
CWE-502
CWE-732
Deserialization of Untrusted Data
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8612
|
2026-05-19 03:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
8.8 |
HIGH
Network
|
-
|
-
|
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
New
|
CWE-77
Command Injection
|
CVE-2025-57282
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
7.5 |
HIGH
Network
|
-
|
-
|
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-56352
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
8.6 |
HIGH
Network
|
lfprojects
|
mlflow
|
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) an…
Update
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-2652
|
2026-05-19 03:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
7.0 |
HIGH
Local
|
vmware
|
fusion
|
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41702
|
2026-05-19 03:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
5.3 |
MEDIUM
Local
|
tonyc
|
imager\
|
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8454
|
2026-05-19 03:12 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
7.1 |
HIGH
Local
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content direc…
Update
|
CWE-93
CRLF Injection
|
CVE-2026-42586
|
2026-05-19 03:02 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7498
|
2026-05-19 02:51 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph…
Update
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-8753
|
2026-05-19 02:51 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
