|
2761
|
- |
|
-
|
-
|
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. …
|
CWE-22
CWE-269
CWE-284
CWE-732
Path Traversal
Improper Privilege Management
Improper Access Control
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8069
|
2026-05-9 00:34 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2762
|
- |
|
-
|
-
|
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and inte…
|
CWE-89
SQL Injection
|
CVE-2026-44349
|
2026-05-9 00:17 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2763
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filte…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41906
|
2026-05-9 00:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2764
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: fix race conditions in sco_sock_connect()
sco_sock_connect() checks sk_state and sk_type without holding
the sock…
|
CWE-362
Race Condition
|
CVE-2026-43023
|
2026-05-8 23:56 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2765
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
hci_cmd_sync_queue_once() needs to indicate whether a que…
|
NVD-CWE-noinfo
|
CVE-2026-43022
|
2026-05-8 23:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2766
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails
When hci_cmd_sync_queue_once() returns with error, the destroy …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43021
|
2026-05-8 23:50 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2767
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: validate LTK enc_size on load
Load Long Term Keys stores the user-provided enc_size and later uses
it to size fi…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43020
|
2026-05-8 23:41 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2768
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
hci_conn lookup and field access must be covered by hdev lock in
se…
|
CWE-416
Use After Free
|
CVE-2026-43019
|
2026-05-8 23:35 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2769
|
6.5 |
MEDIUM
Network
|
-
|
-
|
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updat…
|
-
|
CVE-2026-8142
|
2026-05-8 23:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2770
|
8.8 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
hci_conn lookup and field access must be covered by h…
|
CWE-416
Use After Free
|
CVE-2026-43018
|
2026-05-8 23:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
