|
951
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks…
|
CWE-123
Write-what-where Condition
|
CVE-2026-43284
|
2026-05-15 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
8.8 |
HIGH
Network
|
sentry
|
sentry
|
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…
|
CWE-94
Code Injection
|
CVE-2021-47935
|
2026-05-15 02:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
8.7 |
HIGH
Network
|
-
|
-
|
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33583
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.
cow_spdy:inflate/2 in cowlib…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-43970
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8466
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing.
'Elixir.Plug.Conn':rea…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8468
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
7.5 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links…
|
CWE-59
Link Following
|
CVE-2025-27850
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
9.3 |
CRITICAL
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including…
|
CWE-352
Origin Validation Error
|
CVE-2025-27851
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
5.0 |
MEDIUM
Local
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2025-27852
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
7.3 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-27853
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
