|
231
|
3.7 |
LOW
Network
|
-
|
-
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
New
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-5 08:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to …
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-7791
|
2026-05-5 07:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. …
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7780
|
2026-05-5 07:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
7.5 |
HIGH
Network
|
-
|
-
|
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the w…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7776
|
2026-05-5 07:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7779
|
2026-05-5 06:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
8.1 |
HIGH
Network
|
-
|
-
|
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/insta…
New
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-42222
|
2026-05-5 06:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret.…
New
|
CWE-200
CWE-863
Information Exposure
Incorrect Authorization
|
CVE-2026-42220
|
2026-05-5 06:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
7.5 |
HIGH
Network
|
-
|
-
|
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7768
|
2026-05-5 05:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and par…
New
|
CWE-22
Path Traversal
|
CVE-2026-6321
|
2026-05-5 05:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
7.8 |
HIGH
Local
|
wireshark
|
wireshark
|
RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Update
|
CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-5405
|
2026-05-5 05:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
