|
3441
|
8.8 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restricti…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-41938
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3442
|
8.1 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and mod…
|
CWE-611
XXE
|
CVE-2026-41936
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3443
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the pa…
|
CWE-209
CWE-1188
Information Exposure Through an Error Message
Insecure Default Initialization of Resource
|
CVE-2026-41931
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3444
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin con…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41930
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3445
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079.
|
-
|
CVE-2026-33441
|
2026-05-7 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3446
|
8.3 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: require minimum ACE size in smb_check_perm_dacl()
Both ACE-walk loops in smb_check_perm_dacl() only guard against an
under…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31712
|
2026-05-7 05:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3447
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: add missing netlink_ns_capable() check for peer netns
rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the pee…
|
NVD-CWE-noinfo
|
CVE-2026-31692
|
2026-05-7 05:05 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3448
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Buffer overflow in drivers/xen/sys-hypervisor.c
The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is
neither NUL t…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31786
|
2026-05-7 04:44 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3449
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting
privcmd_vm_ops defines .close (privcmd_close), but neither .may_split
nor .open. W…
|
CWE-415
Double Free
|
CVE-2026-31787
|
2026-05-7 04:38 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3450
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject oversized dirents in page cache
fuse_add_dirent_to_cache() computes a serialized dirent size from the
server-control…
|
NVD-CWE-noinfo
|
CVE-2026-31694
|
2026-05-7 04:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
