| 3421 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmc_release When calling usbtmc_release, pending anchored URBs must be flushed or killed t… | CWE-416 Use After Free | CVE-2026-31758 | 2026-05-9 03:23 | 2026-05-2 |
| 3422 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent ctnetlink_alloc_expect() allocates expectations from a no… | NVD-CWE-noinfo | CVE-2026-43026 | 2026-05-9 03:21 | 2026-05-2 |
| 3423 | 7.5 | HIGH Network | zfnd | zebra-chain zebrad | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and … | CWE-617 Reachable Assertion | CVE-2026-41584 | 2026-05-9 03:21 | 2026-05-9 |
| 3424 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interface() error path When device_register() fails, ulpi_register() calls put_device… | CWE-415 Double Free | CVE-2026-31759 | 2026-05-9 03:20 | 2026-05-2 |
| 3425 | 6.5 | MEDIUM Network | zfnd | zebra-rpc zebrad | ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middlewa… | CWE-248 Uncaught Exception, CWE-617 Reachable Assertion | CVE-2026-41585 | 2026-05-9 03:19 | 2026-05-9 |
| 3426 | 7.3 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not r… | CWE-125 Out-of-bounds Read | CVE-2026-43025 | 2026-05-9 03:17 | 2026-05-2 |
| 3427 | - | | - | - | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller… | CWE-89 SQL Injection | CVE-2026-42208 | 2026-05-9 03:16 | 2026-05-8 |
| 3428 | 6.3 | MEDIUM Network | - | - | Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-67886 | 2026-05-9 03:16 | 2026-05-8 |
| 3429 | 7.3 | HIGH Network | - | - | A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. | CWE-94 Code Injection | CVE-2024-46507 | 2026-05-9 03:16 | 2026-05-8 |
| 3430 | 7.3 | HIGH Network | - | - | A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free… | CWE-77 Command Injection | CVE-2024-45257 | 2026-05-9 03:16 | 2026-05-8 |