|
311
|
7.5 |
HIGH
Network
|
-
|
-
|
Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial …
Update
|
CWE-617
Reachable Assertion
|
CVE-2025-56568
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
Update
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2025-46115
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
9.8 |
CRITICAL
Network
|
cpanel
|
cpanel
whm
wp_squared
|
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41940
|
2026-05-5 03:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
6.5 |
MEDIUM
Network
|
gnu
|
glibc
|
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing…
Update
|
CWE-126
Buffer Over-read
|
CVE-2026-6238
|
2026-05-5 02:57 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
9.9 |
CRITICAL
Network
|
-
|
-
|
In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files belong to the table and which table version to read.
`write.metadata.path` is an optional table …
New
|
CWE-20
CWE-284
CWE-732
CWE-863
Improper Input Validation
Improper Access Control
Incorrect Permission Assignment for Critical Resource
Incorrect Authorization
|
CVE-2026-42812
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
9.9 |
CRITICAL
Network
|
-
|
-
|
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for one table's files, but a crafted namespace or table name can
cause those credentials to work across …
New
|
CWE-20
CWE-917
Improper Input Validation
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-42811
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Apache Polaris can issue broad temporary ("vended") storage credentials during
staged
table creation before the effective table location has been validated or
durably reserved.
Those temporary crede…
New
|
CWE-20
CWE-862
Improper Input Validation
Missing Authorization
|
CVE-2026-42809
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42376
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42375
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42374
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
