|
1011
|
5.3 |
MEDIUM
Network
|
eclipse
|
vert.x
|
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep…
Update
|
CWE-770, CWE-295
Allocation of Resources Without Limits or Throttling; Improper Certificate Validation
|
CVE-2026-6860
|
2026-05-12 22:42 |
2026-05-6 |
|
|
|
|
1012
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
Update
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2025-66171
|
2026-05-12 22:31 |
2026-05-8 |
|
|
|
|
1013
|
8.1 |
HIGH
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
Update
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2025-66172
|
2026-05-12 22:30 |
2026-05-8 |
|
|
|
|
1014
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values.
cow_sse:event/1 in cowlib guards…
New
|
CWE-93
CRLF Injection
|
CVE-2026-43968
|
2026-05-12 22:17 |
2026-05-12 |
|
|
|
|
1015
|
2.9 |
LOW
Local
|
-
|
-
|
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
New
|
-
|
CVE-2026-32684
|
2026-05-12 20:16 |
2026-05-12 |
|
|
|
|
1016
|
- |
|
-
|
-
|
Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-8072
|
2026-05-12 19:16 |
2026-05-12 |
|
|
|
|
1017
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-1681
|
2026-05-12 16:16 |
2026-05-12 |
|
|
|
|
1018
|
7.1 |
HIGH
Network
|
-
|
-
|
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
New
|
CWE-352
Origin Validation Error
|
CVE-2026-45430
|
2026-05-12 13:16 |
2026-05-12 |
|
|
|
|
1019
|
7.1 |
HIGH
Network
|
-
|
-
|
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an …
New
|
CWE-345, CWE-863, CWE-1188
Insufficient Verification of Data Authenticity; Incorrect Authorization; Insecure Default Initialization of Resource
|
CVE-2026-41432
|
2026-05-12 12:16 |
2026-05-9 |
|
|
|
|
1020
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Update
|
NVD-CWE-noinfo CWE-346
Origin Validation Error
|
CVE-2026-7979
|
2026-05-12 10:16 |
2026-05-7 |
|
|
|