|
3161
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
On the receive path, __ioam6_fill_trace_data() uses trace->node…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43186
|
2026-05-12 05:40 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3162
|
8.8 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfs: delete attr leaf freemap entries when empty
Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size
underflow…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-43187
|
2026-05-12 05:38 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3163
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ceph: do not propagate page array emplacement errors as batch errors
When fscrypt is enabled, move_dirty_folio_in_page_array() ma…
|
NVD-CWE-noinfo
|
CVE-2026-43188
|
2026-05-12 05:38 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3164
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
dm mpath: Add missing dm_put_device when failing to get scsi dh name
When commit fd81bc5cca8f ("scsi: device_handler: Return erro…
|
NVD-CWE-noinfo
|
CVE-2026-43192
|
2026-05-12 05:36 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3165
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg()
Claude pointed out that there is a nfs4_file refcount leak in
nfsd_get_…
|
NVD-CWE-Other
|
CVE-2026-43193
|
2026-05-12 05:36 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3166
|
9.6 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules…
|
CWE-20
CWE-22
CWE-94
CWE-829
CWE-913
Improper Input Validation
Path Traversal
Code Injection
Inclusion of Functionality from Untrusted Control Sphere
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-44336
|
2026-05-12 05:25 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3167
|
9.8 |
CRITICAL
Network
|
-
|
-
|
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-69599
|
2026-05-12 05:25 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3168
|
9.8 |
CRITICAL
Network
|
-
|
-
|
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil…
|
CWE-94
Code Injection
|
CVE-2025-67887
|
2026-05-12 05:25 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3169
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate user queue size constraints
Add validation to ensure user queue sizes meet hardware requirements:
- Size mus…
|
NVD-CWE-noinfo
|
CVE-2026-43195
|
2026-05-12 05:21 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3170
|
7.5 |
HIGH
Network
|
-
|
-
|
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.
|
CWE-611
XXE
|
CVE-2023-42346
|
2026-05-12 05:20 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
