|
101
|
4.4 |
MEDIUM
Local
|
-
|
-
|
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-35233
|
2026-05-5 00:22 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel.
This allows a compromised or rogue Velociraptor client to crash the server …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-6948
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
7.5 |
HIGH
Network
|
-
|
-
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and …
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-33846
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
8.8 |
HIGH
Local
|
-
|
-
|
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res…
New
|
CWE-1386
Insecure Operation on Windows Junction / Mount Point
|
CVE-2025-58074
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
8.3 |
HIGH
Network
|
-
|
-
|
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-6266
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the a…
New
|
CWE-158
Improper Neutralization of Null Byte or NUL Character
|
CVE-2026-23863
|
2026-05-5 00:21 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigg…
New
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-23866
|
2026-05-5 00:21 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
9.9 |
CRITICAL
Network
|
-
|
-
|
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…
New
|
CWE-78
OS Command
|
CVE-2026-42364
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
8.6 |
HIGH
Network
|
-
|
-
|
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. …
New
|
CWE-341
Predictable from Observable State
|
CVE-2026-42365
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
7.4 |
HIGH
Network
|
-
|
-
|
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42366
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
