| 71 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycl… | Update | CWE-476 NULL Pointer Dereference | CVE-2026-31727 | 2026-05-8 01:20 | 2026-05-2 |
| 72 | - | | | - | - | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.… | New | - | CVE-2026-8091 | 2026-05-8 01:16 | 2026-05-7 |
| 73 | 6.8 | MEDIUM | Network | - | - | Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42194 | 2026-05-8 01:16 | 2026-05-7 |
| 74 | 6.0 | MEDIUM | Network | - | - | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever… | New | CWE-863 Incorrect Authorization; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41689 | 2026-05-8 01:16 | 2026-05-8 |
| 75 | 4.3 | MEDIUM | Network | - | - | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40)… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41687 | 2026-05-8 01:16 | 2026-05-8 |
| 76 | - | | | - | - | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,… | New | CWE-91 Blind XPath Injection | CVE-2026-41672 | 2026-05-8 01:16 | 2026-05-7 |
| 77 | 6.1 | MEDIUM | Network | - | - | Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in syste… | New | CWE-79 Cross-site Scripting | CVE-2026-41661 | 2026-05-8 01:16 | 2026-05-7 |
| 78 | 6.5 | MEDIUM | Network | - | - | Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing i… | New | CWE-22 Path Traversal | CVE-2026-41655 | 2026-05-8 01:16 | 2026-05-7 |
| 79 | 6.1 | MEDIUM | Network | - | - | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the … | New | CWE-91 Blind XPath Injection | CVE-2026-41650 | 2026-05-8 01:16 | 2026-05-8 |
| 80 | 4.7 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop()… | Update | CWE-362 Race Condition | CVE-2026-31728 | 2026-05-8 01:16 | 2026-05-2 |