|
2851
|
5.3 |
MEDIUM
Network
|
eclipse
|
vert.x
|
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep…
|
CWE-770
CWE-295
Allocation of Resources Without Limits or Throttling
Improper Certificate Validation
|
CVE-2026-6860
|
2026-05-12 22:42 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2852
|
6.5 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2025-66171
|
2026-05-12 22:31 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2853
|
8.1 |
HIGH
Network
|
apache
|
cloudstack
|
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2025-66172
|
2026-05-12 22:30 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2854
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
NVD-CWE-noinfo
CWE-346
Origin Validation Error
|
CVE-2026-7979
|
2026-05-12 10:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2855
|
3.0 |
LOW
Network
|
-
|
-
|
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44916
|
2026-05-12 09:17 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2856
|
7.5 |
HIGH
Network
|
postfix
|
postfix
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-12 06:17 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2857
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rnbd-srv: Zero the rsp buffer before using it
Before using the data buffer to send back the response message, zero it
completely.…
|
NVD-CWE-noinfo
|
CVE-2026-43184
|
2026-05-12 05:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2858
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: cx25821: Fix a resource leak in cx25821_dev_setup()
Add release_mem_region() if ioremap() fails to release the memory
regi…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43183
|
2026-05-12 05:55 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2859
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gpio: sysfs: fix chip removal with GPIOs exported over sysfs
Currently if we export a GPIO over sysfs and unbind the parent GPIO
…
|
NVD-CWE-noinfo
|
CVE-2026-43181
|
2026-05-12 05:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2860
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: ccs: Avoid possible division by zero
Calculating maximum M for scaler configuration involves dividing by
MIN_X_OUTPUT_SIZE…
|
CWE-369
Divide By Zero
|
CVE-2026-43182
|
2026-05-12 05:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
