|
411
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.
This issue affects P…
Update
|
CWE-93
CRLF Injection
|
CVE-2026-5140
|
2026-05-4 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
New
|
-
|
CVE-2026-4928
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
7.7 |
HIGH
Network
|
-
|
-
|
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
Update
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-43824
|
2026-05-4 23:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40561
|
2026-05-4 23:16 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
6.7 |
MEDIUM
Local
|
-
|
-
|
In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti…
New
|
CWE-843
Type Confusion
|
CVE-2026-20451
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-20450
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with n…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-20449
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
6.7 |
MEDIUM
Local
|
-
|
-
|
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-20448
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
6.7 |
MEDIUM
Local
|
-
|
-
|
In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-20447
|
2026-05-4 23:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
freertos-plus-tcp
|
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC ad…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-7422
|
2026-05-4 22:43 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
