| 341 | 6.3 | MEDIUM Network | - | - | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… | New | CWE-281 Improper Preservation of Permissions | CVE-2025-8325 | 2026-05-11 19:16 | 2026-05-11 |
| 342 | 5.3 | MEDIUM Network | - | - | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses… | New | CWE-74 Injection | CVE-2025-8154 | 2026-05-11 19:16 | 2026-05-11 |
| 343 | 5.6 | MEDIUM Network | - | - | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… | New | CWE-302 Authentication Bypass by Assumed-Immutable Data | CVE-2025-43992 | 2026-05-11 19:16 | 2026-05-11 |
| 344 | - |  | - | - | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security … | New | CWE-863 Incorrect Authorization | CVE-2025-10908 | 2026-05-11 19:16 | 2026-05-11 |
| 345 | 5.3 | MEDIUM Network | - | - | The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid use… | New | CWE-204 Response Discrepancy Information Exposure | CVE-2024-0391 | 2026-05-11 19:16 | 2026-05-11 |
| 346 | 7.5 | HIGH Network | - | - | In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths. In the event that rpcrdma_post_recvs() fails to create a work request (d… | New | - | CVE-2026-43469 | 2026-05-11 17:16 | 2026-05-9 |
| 347 | 8.2 | HIGH Network | - | - | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery. In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs… | New | - | CVE-2026-43466 | 2026-05-11 17:16 | 2026-05-9 |
| 348 | 9.8 | CRITICAL Network | - | - | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ. XDP multi-buf programs can modify the layout of the XDP buffer whe… | New | - | CVE-2026-43465 | 2026-05-11 17:16 | 2026-05-9 |
| 349 | 7.5 | HIGH Network | - | - | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ. XDP multi-buf programs can modify the layout of the XDP buffer when … | New | - | CVE-2026-43464 | 2026-05-11 17:16 | 2026-05-9 |
| 350 | 7.5 | HIGH Network | - | - | In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map(). The DMA mappings were leaked on mapping error. Free them with the existing… | New | - | CVE-2026-43462 | 2026-05-11 17:16 | 2026-05-9 |