|
2421
|
7.7 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastR…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41905
|
2026-05-8 06:16 |
2026-05-8 |
|
2422
|
7.1 |
HIGH
Local
|
gitpython_project
|
gitpython
|
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application …
|
CWE-22
Path Traversal
|
CVE-2026-44243
|
2026-05-8 06:12 |
2026-05-8 |
|
2423
|
5.3 |
MEDIUM
Network
|
-
|
-
|
ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an att…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42241
|
2026-05-8 05:37 |
2026-05-8 |
|
2424
|
8.1 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.…
|
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
|
CVE-2026-42239
|
2026-05-8 05:35 |
2026-05-8 |
|
2425
|
7.6 |
HIGH
Network
|
-
|
-
|
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. F…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-43510
|
2026-05-8 05:32 |
2026-05-8 |
|
2426
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().
syzbot reported use-after-free of AF_UNIX soc…
|
CWE-416
Use After Free
|
CVE-2026-43016
|
2026-05-8 05:31 |
2026-05-2 |
|
2427
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix clk handling on PCI glue driver removal
platform_device_unregister() may still want to use the registered clks
dur…
|
CWE-416
Use After Free
|
CVE-2026-43015
|
2026-05-8 05:31 |
2026-05-2 |
|
2428
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: macb: properly unregister fixed rate clocks
The additional resources allocated with clk_register_fixed_rate() need
to be rel…
|
NVD-CWE-noinfo
|
CVE-2026-43014
|
2026-05-8 05:29 |
2026-05-2 |
|
2429
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: lag: Check for LAG device before creating debugfs
__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error
o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43013
|
2026-05-8 05:28 |
2026-05-2 |
|
2430
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix switchdev mode rollback in case of failure
If for some internal reason switchdev mode fails, we rollback to legacy
…
|
NVD-CWE-noinfo
|
CVE-2026-43012
|
2026-05-8 05:28 |
2026-05-2 |