|
341
|
6.5 |
MEDIUM
Local
|
-
|
-
|
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-47404
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
New
|
CWE-126
Buffer Over-read
|
CVE-2025-47403
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Transient DOS when processing target power rate tables during channel configuration.
New
|
CWE-126
Buffer Over-read
|
CVE-2025-47401
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
7.5 |
HIGH
Network
|
xwiki
|
cryptpad
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-5 01:52 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
8.8 |
HIGH
Network
|
progress
|
moveit_automation
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-5 01:47 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components
New
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70072
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70070
|
2026-05-5 01:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
6.5 |
MEDIUM
Network
|
-
|
-
|
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5337
|
2026-05-5 00:23 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-5335
|
2026-05-5 00:23 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel.
This allows a compromised or rogue Velociraptor client to crash the server …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-6948
|
2026-05-5 00:22 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
