|
91
|
7.5 |
HIGH
Network
|
xwiki
|
cryptpad
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-5 01:52 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
8.8 |
HIGH
Network
|
progress
|
moveit_automation
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-5 01:47 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-6525
|
2026-05-5 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
- |
|
-
|
-
|
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE …
New
|
-
|
CVE-2026-37458
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
- |
|
-
|
-
|
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function…
New
|
-
|
CVE-2026-36365
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components
New
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70072
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70070
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
6.5 |
MEDIUM
Network
|
-
|
-
|
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5337
|
2026-05-5 00:23 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-5335
|
2026-05-5 00:23 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
3.3 |
LOW
Local
|
-
|
-
|
An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()
Update
|
CWE-369
Divide By Zero
|
CVE-2026-21996
|
2026-05-5 00:22 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
