|
61
|
- |
|
-
|
-
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker …
New
|
CWE-539
Use of Persistent Cookies Containing Sensitive Information
|
CVE-2026-35192
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
62
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit …
New
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2026-34002
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
63
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34000
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
64
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling.
In 'Elixir.Phoenix.Trans…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-32689
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
65
|
- |
|
-
|
-
|
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway inserts unsanitized user input into a system() call, allowing aut…
New
|
-
|
CVE-2026-31196
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
66
|
- |
|
-
|
-
|
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway inserts unsanitized user input into a system() call, allowing authentic…
New
|
-
|
CVE-2026-31195
|
2026-05-6 01:16 |
2026-05-6 |
|
|
|
|
67
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query str…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-30246
|
2026-05-6 01:16 |
2026-05-5 |
|
|
|
|
68
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-27694
|
2026-05-6 01:16 |
2026-05-5 |
|
|
|
|
69
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A buffer overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-70067
|
2026-05-6 01:16 |
2026-05-4 |
|
|
|
|
70
|
8.1 |
HIGH
Network
|
-
|
-
|
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authen…
New
|
CWE-284
Improper Access Control
|
CVE-2025-67796
|
2026-05-6 01:16 |
2026-05-5 |
|
|
|