|
1361
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
Remove redundant netif_napi_del() call from disconnect path.…
|
-
|
CVE-2026-43479
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1362
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put
The correct helper to use in rt1011_recv_spk_mode_put…
|
-
|
CVE-2026-43478
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL
Apparently ICL may hang with an MCE if we write TRANS_VRR_V…
|
-
|
CVE-2026-43477
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in…
|
-
|
CVE-2026-43476
|
2026-05-14 01:16 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1365
|
5.4 |
MEDIUM
Network
|
openedx
|
openedx
|
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42857
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
9.8 |
CRITICAL
Network
|
-
|
-
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42854
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
- |
|
-
|
-
|
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/acco…
|
CWE-269
CWE-434
Improper Privilege Management
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42844
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
8.8 |
HIGH
Local
|
-
|
-
|
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s…
|
CWE-15
CWE-269
CWE-732
External Control of System or Configuration Setting
Improper Privilege Management
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41489
|
2026-05-14 01:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
- |
|
-
|
-
|
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion.
'Elixir.Bandit.HTTP1.Socket':do_…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-39806
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.
The chunked clause of 'Elixir.Bandit.HTTP1…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-39803
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
