|
571
|
- |
|
-
|
-
|
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator passwor…
|
CWE-20
Improper Input Validation
|
CVE-2026-3294
|
2026-05-23 06:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
- |
|
-
|
-
|
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39970
|
2026-05-23 06:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
9.8 |
CRITICAL
Network
|
kovidgoyal
|
kitty
|
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned …
|
CWE-125
CWE-190
CWE-787
Out-of-bounds Read
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-33642
|
2026-05-23 06:05 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
8.8 |
HIGH
Network
|
kovidgoyal
|
kitty
|
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-33633
|
2026-05-23 06:04 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
9.6 |
CRITICAL
Network
|
lfprojects
|
mlflow
|
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests fr…
|
CWE-346
Origin Validation Error
|
CVE-2026-2611
|
2026-05-23 06:00 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
7.5 |
HIGH
Network
|
nvidia
|
tensorrt
|
NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-24188
|
2026-05-23 05:52 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
8.2 |
HIGH
Network
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application …
|
CWE-601
Open Redirect
|
CVE-2025-26483
|
2026-05-23 05:48 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
6.5 |
MEDIUM
Adjacent
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulner…
|
CWE-295
Improper Certificate Validation
|
CVE-2025-32745
|
2026-05-23 05:48 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
5.5 |
MEDIUM
Local
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnera…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2025-32746
|
2026-05-23 05:45 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
7.8 |
HIGH
Local
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2025-32747
|
2026-05-23 05:45 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
