|
201
|
9.8 |
CRITICAL
Network
|
-
|
-
|
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu…
Update
|
CWE-22
CWE-367
Path Traversal
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-37531
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
New
|
CWE-352
CWE-1021
Origin Validation Error
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-8022
|
2026-05-8 00:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bound…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42481
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
7.5 |
HIGH
Network
|
-
|
-
|
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37530
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arb…
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-37534
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers t…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37541
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
8.8 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a …
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42468
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
8.6 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42469
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-69606
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
Update
|
CWE-77
Command Injection
|
CVE-2026-26461
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
