|
3761
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-37540
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3762
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escal…
|
CWE-20
CWE-269
Improper Input Validation
Improper Privilege Management
|
CVE-2025-52347
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3763
|
8.1 |
HIGH
Network
|
-
|
-
|
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host …
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-29199
|
2026-05-8 00:53 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3764
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function…
|
CWE-77
CWE-94
Command Injection
Code Injection
|
CVE-2026-36365
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3765
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE …
|
CWE-20
Improper Input Validation
|
CVE-2026-37458
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3766
|
7.5 |
HIGH
Network
|
-
|
-
|
An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-37461
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3767
|
7.2 |
HIGH
Network
|
-
|
-
|
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-38751
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3768
|
8.1 |
HIGH
Network
|
-
|
-
|
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authen…
|
CWE-284
Improper Access Control
|
CVE-2025-67796
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3769
|
7.7 |
HIGH
Local
|
-
|
-
|
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct…
|
CWE-200
CWE-782
CWE-787
Information Exposure
Exposed IOCTL with Insufficient Access Control
Out-of-bounds Write
|
CVE-2026-36355
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3770
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-36356
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
