|
3801
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.
cow_spdy:inflate/2 in cowlib…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-43970
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3802
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8466
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3803
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing.
'Elixir.Plug.Conn':rea…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8468
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3804
|
7.5 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links…
|
CWE-59
Link Following
|
CVE-2025-27850
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3805
|
9.3 |
CRITICAL
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including…
|
CWE-352
Origin Validation Error
|
CVE-2025-27851
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3806
|
5.0 |
MEDIUM
Local
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2025-27852
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3807
|
7.3 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-27853
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3808
|
9.6 |
CRITICAL
Network
|
tanstack
|
tanstack\/arktype-adapter
tanstack\/eslint-plugin-router
tanstack\/eslint-plugin-start
tanstack\/history
tanstack\/nitro-v2-vite-plugin
tanstack\/react-router
tanstack\/react-router…
|
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate …
|
CWE-506
Embedded Malicious Code
|
CVE-2026-45321
|
2026-05-15 02:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3809
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-200
Information Exposure
|
CVE-2026-34087
|
2026-05-15 02:02 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3810
|
7.5 |
HIGH
Network
|
-
|
-
|
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42561
|
2026-05-15 02:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
