|
1171
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Specials/SpecialUserRights.P…
|
CWE-200
Information Exposure
|
CVE-2026-34093
|
2026-05-18 22:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-42355
|
2026-05-18 22:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42442
|
2026-05-18 22:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
3.8 |
LOW
Network
|
mediawiki
|
mediawiki
|
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Page/Article.Php.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34094
|
2026-05-18 22:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when …
|
CWE-369
Divide By Zero
|
CVE-2026-42443
|
2026-05-18 22:46 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
7.5 |
HIGH
Network
|
bytecodealliance
|
wasmtime
|
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This ove…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44216
|
2026-05-18 22:36 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
7.8 |
HIGH
Local
|
microsoft
|
azure_connected_machine_agent
|
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
|
CWE-284
Improper Access Control
|
CVE-2026-40381
|
2026-05-18 22:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-18 22:35 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
5.4 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query p…
|
CWE-20
CWE-943
CWE-1333
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-18 22:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge
|
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-35429
|
2026-05-18 22:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
