|
2511
|
7.8 |
HIGH
Local
|
microsoft
|
azure_connected_machine_agent
|
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
|
CWE-284
Improper Access Control
|
CVE-2026-40381
|
2026-05-18 22:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2512
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-18 22:35 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2513
|
5.4 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query p…
|
CWE-20
CWE-943
CWE-1333
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-18 22:34 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2514
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge
|
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-35429
|
2026-05-18 22:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2515
|
5.5 |
MEDIUM
Local
|
microsoft
|
teams
|
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-32185
|
2026-05-18 22:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2516
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-40416
|
2026-05-18 22:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2517
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa…
|
CWE-475
Undefined Behavior for Input to API
|
CVE-2026-42009
|
2026-05-18 22:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2518
|
9.8 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42581
|
2026-05-18 22:14 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2519
|
9.8 |
CRITICAL
Network
|
espressif
|
arduino-esp32
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42854
|
2026-05-18 22:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2520
|
8.8 |
HIGH
Network
|
mongodb
|
mongodb
|
An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8053
|
2026-05-18 22:06 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
