|
3451
|
8.8 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiti…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41934
|
2026-05-7 04:20 |
2026-05-7 |
|
3452
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free
Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` f…
|
CWE-416
Use After Free
|
CVE-2026-31695
|
2026-05-7 04:19 |
2026-05-1 |
|
3453
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
In rxrpc_preparse(), there are two paths for parsing key…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31696
|
2026-05-7 04:17 |
2026-05-1 |
|
3454
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml.
|
CWE-611
XXE
|
CVE-2026-38429
|
2026-05-7 04:16 |
2026-05-6 |
|
3455
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed
When retrieving the ID for the CPU, don't attempt to cop…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31697
|
2026-05-7 04:08 |
2026-05-1 |
|
3456
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed
When retrieving the PDH cert, don't attempt to cop…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31698
|
2026-05-7 04:06 |
2026-05-1 |
|
3457
|
8.1 |
HIGH
Network
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro…
|
CWE-416
Use After Free
|
CVE-2026-22165
|
2026-05-7 04:05 |
2026-05-2 |
|
3458
|
8.1 |
HIGH
Network
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce…
|
CWE-416
Use After Free
|
CVE-2026-22166
|
2026-05-7 04:05 |
2026-05-2 |
|
3459
|
7.8 |
HIGH
Local
|
-
|
-
|
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages.
Under certain circumstances this exploit could b…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-22167
|
2026-05-7 04:05 |
2026-05-2 |
|
3460
|
- |
|
-
|
-
|
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-29200
|
2026-05-7 04:05 |
2026-05-4 |