|
321
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
vhost: move vdpa group bound check to vhost_vdpa
Remove duplication by consolidating these here. This reduces the
posibility of …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43248
|
2026-05-11 22:14 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
322
|
8.8 |
HIGH
Adjacent
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
9p/xen: protect xen_9pfs_front_free against concurrent calls
The xenwatch thread can race with other back-end change notification…
Update
|
CWE-415
Double Free
|
CVE-2026-43249
|
2026-05-11 22:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
323
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ima: verify the previous kernel's IMA buffer lies in addressable RAM
Patch series "Address page fault in ima_restore_measurement_…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43129
|
2026-05-11 22:08 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
324
|
6.1 |
MEDIUM
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red…
Update
|
CWE-601
Open Redirect
|
CVE-2025-61669
|
2026-05-11 22:01 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
325
|
8.8 |
HIGH
Network
|
tenda
|
cx12l_firmware
|
A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow.…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8138
|
2026-05-11 22:00 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
326
|
6.8 |
MEDIUM
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt…
Update
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-40934
|
2026-05-11 22:00 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
327
|
7.8 |
HIGH
Local
|
navercorp
|
mybox
|
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-8148
|
2026-05-11 21:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
328
|
7.3 |
HIGH
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa…
Update
|
CWE-777
|
CVE-2026-40110
|
2026-05-11 21:59 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
329
|
5.3 |
MEDIUM
Local
|
prusa3d
|
prusaslicer
|
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
New
|
CWE-77
Command Injection
|
CVE-2023-47268
|
2026-05-11 21:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
330
|
8.1 |
HIGH
Network
|
apache
|
cloudstack
|
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th…
New
|
CWE-459
Incomplete Cleanup
|
CVE-2025-66467
|
2026-05-11 21:57 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
