|
311
|
7.8 |
HIGH
Local
|
microsoft
|
azure_connected_machine_agent
|
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-40381
|
2026-05-18 22:35 |
2026-05-13 |
|
312
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-18 22:35 |
2026-05-14 |
|
313
|
5.4 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query p…
Update
|
CWE-20 CWE-943 CWE-1333
Improper Input Validation Improper Neutralization of Special Elements in Data Query Logic Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-18 22:34 |
2026-05-14 |
|
314
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge
|
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-35429
|
2026-05-18 22:34 |
2026-05-13 |
|
315
|
5.5 |
MEDIUM
Local
|
microsoft
|
teams
|
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-32185
|
2026-05-18 22:33 |
2026-05-13 |
|
316
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-40416
|
2026-05-18 22:26 |
2026-05-13 |
|
317
|
5.5 |
MEDIUM
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of
the task - t…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-46333
|
2026-05-18 22:16 |
2026-05-15 |
|
318
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa…
New
|
CWE-475
Undefined Behavior for Input to API
|
CVE-2026-42009
|
2026-05-18 22:16 |
2026-05-18 |
|
319
|
9.8 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42581
|
2026-05-18 22:14 |
2026-05-14 |
|
320
|
9.8 |
CRITICAL
Network
|
espressif
|
arduino-esp32
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a …
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42854
|
2026-05-18 22:09 |
2026-05-13 |