|
3911
|
7.8 |
HIGH
Local
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
|
CWE-59
Link Following
|
CVE-2026-44471
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3912
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CV…
|
-
|
CVE-2026-7805
|
2026-05-15 02:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3913
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks…
|
CWE-123
Write-what-where Condition
|
CVE-2026-43284
|
2026-05-15 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3914
|
8.8 |
HIGH
Network
|
sentry
|
sentry
|
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…
|
CWE-94
Code Injection
|
CVE-2021-47935
|
2026-05-15 02:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3915
|
8.7 |
HIGH
Network
|
-
|
-
|
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33583
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3916
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.
cow_spdy:inflate/2 in cowlib…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-43970
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3917
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8466
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3918
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing.
'Elixir.Plug.Conn':rea…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8468
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3919
|
7.5 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links…
|
CWE-59
Link Following
|
CVE-2025-27850
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3920
|
9.3 |
CRITICAL
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including…
|
CWE-352
Origin Validation Error
|
CVE-2025-27851
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
