|
701
|
7.5 |
HIGH
Network
|
-
|
-
|
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
New
|
-
|
CVE-2026-4890
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
New
|
-
|
CVE-2026-4891
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
8.4 |
HIGH
Local
|
-
|
-
|
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
New
|
-
|
CVE-2026-4892
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
New
|
-
|
CVE-2026-4893
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
- |
|
-
|
-
|
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
New
|
-
|
CVE-2026-5172
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
- |
|
-
|
-
|
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing le…
New
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-35227
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
- |
|
-
|
-
|
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unau…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-5029
|
2026-05-12 23:15 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
- |
|
-
|
-
|
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's br…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6909
|
2026-05-12 23:15 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
- |
|
-
|
-
|
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's br…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6956
|
2026-05-12 23:15 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
9.8 |
CRITICAL
Network
|
cross-crypto
|
cross-implementation
|
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b…
Update
|
CWE-121
CWE-122
Stack-based Buffer Overflow
Heap-based Buffer Overflow
|
CVE-2026-41509
|
2026-05-12 23:15 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
