| 2931 | 7.5 | HIGH Network | wireshark | wireshark | MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-6519 | 2026-05-2 01:41 | 2026-04-30 |
| 2932 | 7.5 | HIGH Network | wireshark | wireshark | OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-6520 | 2026-05-2 01:37 | 2026-04-30 |
| 2933 | 7.5 | HIGH Network | - | - | Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, lead… | CWE-122: Heap-based Buffer Overflow; CWE-176: Improper Handling of Unicode Encoding | CVE-2026-7040 | 2026-05-2 01:16 | 2026-04-27 |
| 2934 | 8.8 | HIGH Network | - | - | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | CWE-122: Heap-based Buffer Overflow | CVE-2026-5402 | 2026-05-2 01:16 | 2026-04-30 |
| 2935 | 8.1 | HIGH Network | freebsd | freebsd | As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when reque… | CWE-122: Heap-based Buffer Overflow | CVE-2026-42512 | 2026-05-2 01:16 | 2026-04-30 |
| 2936 | 8.1 | HIGH Network | freebsd | freebsd | The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by … | CWE-149: Improper Neutralization of Quoting Syntax | CVE-2026-42511 | 2026-05-2 01:16 | 2026-04-30 |
| 2937 | 8.1 | HIGH Network | - | - | mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backe… | CWE-89: SQL Injection | CVE-2026-42167 | 2026-05-2 01:16 | 2026-04-29 |
| 2938 | 8.1 | HIGH Network | freebsd | freebsd | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocat… | CWE-122: Heap-based Buffer Overflow; CWE-130: Improper Handling of Length Parameter Inconsistency | CVE-2026-35547 | 2026-05-2 01:16 | 2026-04-30 |
| 2939 | 7.7 | HIGH Network | getoutline | outline | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When… | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-41649 | 2026-05-2 00:54 | 2026-04-29 |
| 2940 | 9.8 | CRITICAL Network | openclaw | openclaw | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during… | CWE-648: Incorrect Use of Privileged APIs | CVE-2026-41386 | 2026-05-2 00:52 | 2026-04-29 |