|
2671
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-44919
|
2026-05-21 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2672
|
8.8 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate inherited ACE SID length
smb_inherit_dacl() walks the parent directory DACL loaded from the
security descriptor x…
|
-
|
CVE-2026-43490
|
2026-05-21 02:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2673
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net-shapers: don't free reply skb after genlmsg_reply()
genlmsg_reply() hands the reply skb to netlink, and
netlink_unicast() con…
|
-
|
CVE-2026-43481
|
2026-05-21 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2674
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in…
|
-
|
CVE-2026-43476
|
2026-05-21 02:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2675
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to …
|
CWE-290
CWE-451
Authentication Bypass by Spoofing
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-39309
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2676
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-37982
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2677
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-37981
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2678
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac…
|
CWE-284
Improper Access Control
|
CVE-2026-37979
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2679
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) para…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-37978
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2680
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
|
CWE-78
OS Command
|
CVE-2026-37281
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
