|
221
|
5.5 |
MEDIUM
Local
|
-
|
-
|
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
New
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2026-6870
|
2026-05-1 00:10 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
7.5 |
HIGH
Network
|
-
|
-
|
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic.
Remote attackers can craft packets which cause affec…
New
|
CWE-674
CWE-791
Uncontrolled Recursion
Incomplete Filtering of Special Elements
|
CVE-2026-7164
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
9.1 |
CRITICAL
Network
|
-
|
-
|
When processing the header of an incoming message, libnv failed to properly validate the message size.
The lack of validation allows a malicious program to write outside the bounds of a heap allocat…
New
|
CWE-122
CWE-130
Heap-based Buffer Overflow
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-35547
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
7.8 |
HIGH
Local
|
-
|
-
|
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size l…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-39457
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
7.3 |
HIGH
Network
|
-
|
-
|
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when reque…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42512
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
7.4 |
HIGH
Network
|
-
|
-
|
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.
This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.
This issue affects …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42799
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between …
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41016
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
7.4 |
HIGH
Network
|
-
|
-
|
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/s…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42800
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.…
New
|
CWE-200
CWE-359
Information Exposure
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-7382
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
8.1 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7399
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
