|
1731
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
watchos
|
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A r…
|
CWE-843
Type Confusion
|
CVE-2026-28983
|
2026-05-13 23:22 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1732
|
6.5 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-elasticsearch
|
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the em…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41018
|
2026-05-13 23:22 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1733
|
5.9 |
MEDIUM
Local
|
-
|
-
|
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
|
-
|
CVE-2026-6815
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1734
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data d…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-6146
|
2026-05-13 23:18 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1735
|
7.3 |
HIGH
Network
|
-
|
-
|
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
|
-
|
CVE-2026-5172
|
2026-05-13 23:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1736
|
9.6 |
CRITICAL
Network
|
electerm_project
|
electerm
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links…
|
CWE-20
CWE-94
CWE-829
Improper Input Validation
Code Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43944
|
2026-05-13 23:17 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1737
|
5.3 |
MEDIUM
Local
|
wellbia
|
xigncode3
|
Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS.
Cr…
|
NVD-CWE-noinfo
|
CVE-2026-3609
|
2026-05-13 23:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1738
|
7.3 |
HIGH
Network
|
-
|
-
|
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-co…
|
-
|
CVE-2026-2291
|
2026-05-13 23:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1739
|
7.3 |
HIGH
Network
|
-
|
-
|
Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.
Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities s…
|
-
|
CVE-2022-4988
|
2026-05-13 23:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1740
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-45006
|
2026-05-13 23:14 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
