|
3841
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bound…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42481
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3842
|
7.5 |
HIGH
Network
|
-
|
-
|
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37530
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3843
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arb…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-37534
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3844
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers t…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37541
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3845
|
8.8 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42468
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3846
|
8.6 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42469
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3847
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli…
|
CWE-79
Cross-site Scripting
|
CVE-2025-69606
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3848
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
|
CWE-77
Command Injection
|
CVE-2026-26461
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3849
|
7.5 |
HIGH
Network
|
-
|
-
|
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-37457
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3850
|
6.5 |
MEDIUM
Network
|
-
|
-
|
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the C…
|
CWE-352
Origin Validation Error
|
CVE-2026-42091
|
2026-05-8 00:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
