| 1251 | 8.8 | HIGH Network | redis | redis | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to exe… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-25243 | 2026-05-7 01:16 | 2026-05-6 |
| 1252 | 8.6 | HIGH Network | - | - | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-7412 | 2026-05-7 01:16 | 2026-05-6 |
| 1253 | 10.0 | CRITICAL Network | - | - | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal att… | New | CWE-22 Path Traversal | CVE-2026-7411 | 2026-05-7 01:16 | 2026-05-6 |
| 1254 | 7.5 | HIGH Network | wireshark | wireshark | Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Update | CWE-476 NULL Pointer Dereference | CVE-2026-7376 | 2026-05-7 01:16 | 2026-04-30 |
| 1255 | - | | - | - | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files. This issue affects WatchGuard Agent before 1.25.03.0000. | New | CWE-427 Uncontrolled Search Path Element | CVE-2026-6788 | 2026-05-7 01:16 | 2026-05-7 |
| 1256 | - | | - | - | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process. This issue affects WatchGuard Agent: before 1.25.03.0000. | New | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2026-6787 | 2026-05-7 01:16 | 2026-05-7 |
| 1257 | - | | - | - | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYS… | New | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-41288 | 2026-05-7 01:16 | 2026-05-7 |
| 1258 | - | | - | - | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-41286 | 2026-05-7 01:16 | 2026-05-7 |
| 1259 | 6.1 | MEDIUM Network | - | - | FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin. | New | CWE-79 Cross-site Scripting | CVE-2026-38947 | 2026-05-7 01:16 | 2026-05-6 |
| 1260 | - | | - | - | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 address… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-33975 | 2026-05-7 01:16 | 2026-05-6 |