|
3781
|
7.7 |
HIGH
Local
|
-
|
-
|
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct…
|
CWE-200
CWE-782
CWE-787
Information Exposure
Exposed IOCTL with Insufficient Access Control
Out-of-bounds Write
|
CVE-2026-36355
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3782
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-36356
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3783
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen…
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-43002
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3784
|
7.7 |
HIGH
Network
|
-
|
-
|
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-42997
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3785
|
7.5 |
HIGH
Network
|
-
|
-
|
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
|
CWE-284
Improper Access Control
|
CVE-2024-52911
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3786
|
8.1 |
HIGH
Network
|
-
|
-
|
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
|
CWE-89
SQL Injection
|
CVE-2026-44331
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3787
|
3.4 |
LOW
Adjacent
|
-
|
-
|
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44405
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3788
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-42503
|
2026-05-8 00:53 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3789
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi…
|
CWE-330
CWE-338
Use of Insufficiently Random Values
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41505
|
2026-05-8 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3790
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
|
CWE-79
Cross-site Scripting
|
CVE-2026-36358
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
