|
2501
|
6.5 |
MEDIUM
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain un…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-26062
|
2026-05-18 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2502
|
7.5 |
HIGH
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after bei…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-42577
|
2026-05-18 23:05 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2503
|
9.8 |
CRITICAL
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands a…
|
CWE-78
OS Command
|
CVE-2026-26191
|
2026-05-18 23:05 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2504
|
6.5 |
MEDIUM
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Th…
|
CWE-190
CWE-444
Integer Overflow or Wraparound
HTTP Request Smuggling
|
CVE-2026-42580
|
2026-05-18 23:03 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2505
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Specials/SpecialUserRights.P…
|
CWE-200
Information Exposure
|
CVE-2026-34093
|
2026-05-18 22:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2506
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-42355
|
2026-05-18 22:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2507
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42442
|
2026-05-18 22:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2508
|
3.8 |
LOW
Network
|
mediawiki
|
mediawiki
|
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Page/Article.Php.
This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34094
|
2026-05-18 22:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2509
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when …
|
CWE-369
Divide By Zero
|
CVE-2026-42443
|
2026-05-18 22:46 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2510
|
7.5 |
HIGH
Network
|
bytecodealliance
|
wasmtime
|
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This ove…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44216
|
2026-05-18 22:36 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
