|
1141
|
6.4 |
MEDIUM
Adjacent
|
-
|
-
|
Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.…
Update
|
CWE-284
CWE-863
Improper Access Control
Incorrect Authorization
|
CVE-2025-9973
|
2026-05-14 00:25 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1142
|
6.1 |
MEDIUM
Local
|
-
|
-
|
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-1681
|
2026-05-14 00:25 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1143
|
8.3 |
HIGH
Network
|
-
|
-
|
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-42562
|
2026-05-14 00:23 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1144
|
- |
|
-
|
-
|
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escal…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-42571
|
2026-05-14 00:23 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1145
|
7.5 |
HIGH
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target poi…
Update
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-42574
|
2026-05-14 00:23 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1146
|
6.5 |
MEDIUM
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *r…
Update
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-42576
|
2026-05-14 00:23 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1147
|
7.5 |
HIGH
Network
|
-
|
-
|
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded …
Update
|
CWE-345
CWE-494
Insufficient Verification of Data Authenticity
Download of Code Without Integrity Check
|
CVE-2026-42575
|
2026-05-14 00:23 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1148
|
7.5 |
HIGH
Network
|
golang
|
go
|
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-39836
|
2026-05-14 00:11 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1149
|
7.5 |
HIGH
Network
|
golang
|
go
|
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-39820
|
2026-05-14 00:10 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1150
|
5.3 |
MEDIUM
Local
|
golang
|
go
|
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one…
Update
|
CWE-59
Link Following
|
CVE-2026-39819
|
2026-05-14 00:05 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
