|
421
|
6.5 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.
…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-6706
|
2026-05-4 22:37 |
2026-04-28 |
|
422
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
freertos-plus-tcp
|
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pi…
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-7423
|
2026-05-4 22:35 |
2026-04-30 |
|
423
|
8.1 |
HIGH
Adjacent
|
amazon
|
freertos-plus-tcp
|
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, an…
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-7424
|
2026-05-4 22:22 |
2026-04-30 |
|
424
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7482
|
2026-05-4 22:16 |
2026-05-4 |
|
425
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
freertos-plus-tcp
|
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7425
|
2026-05-4 22:12 |
2026-04-30 |
|
426
|
8.1 |
HIGH
Adjacent
|
amazon
|
freertos-plus-tcp
|
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7426
|
2026-05-4 22:12 |
2026-04-30 |
|
427
|
9.1 |
CRITICAL
Network
|
rti
|
connext_professional
|
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.…
Update
|
CWE-611
XXE
|
CVE-2025-14543
|
2026-05-4 22:02 |
2026-05-1 |
|
428
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.
This issue aff…
New
|
CWE-94
Code Injection
|
CVE-2026-3120
|
2026-05-4 21:16 |
2026-05-4 |
|
429
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting
privcmd_vm_ops defines .close (privcmd_close), but neither .may_split
nor .open. W…
Update
|
-
|
CVE-2026-31787
|
2026-05-4 18:16 |
2026-04-30 |
|
430
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
Buffer overflow in drivers/xen/sys-hypervisor.c
The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is
neither NUL t…
Update
|
-
|
CVE-2026-31786
|
2026-05-4 18:16 |
2026-04-30 |
|