|
131
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled Gra…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42793
|
2026-05-9 22:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation resul…
New
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-8186
|
2026-05-9 21:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption…
New
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-8187
|
2026-05-9 20:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authe…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-8185
|
2026-05-9 20:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
7.2 |
HIGH
Network
|
-
|
-
|
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e…
New
|
-
|
CVE-2026-3828
|
2026-05-9 18:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to…
New
|
-
|
CVE-2026-32683
|
2026-05-9 18:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
6.8 |
MEDIUM
Network
|
-
|
-
|
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
New
|
-
|
CVE-2026-1749
|
2026-05-9 18:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
9.1 |
CRITICAL
Network
|
apache
|
cloudstack
|
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants.
This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0.
The Proxm…
New
|
CWE-200
Information Exposure
|
CVE-2026-25199
|
2026-05-9 16:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
5.3 |
MEDIUM
Network
|
apache
|
cloudstack
|
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limi…
New
|
CWE-367
CWE-770
Time-of-check Time-of-use (TOCTOU) Race Condition
Allocation of Resources Without Limits or Throttling
|
CVE-2025-69233
|
2026-05-9 16:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
8.0 |
HIGH
Network
|
-
|
-
|
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th…
New
|
CWE-459
Incomplete Cleanup
|
CVE-2025-66467
|
2026-05-9 16:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
