|
1311
|
- |
|
-
|
-
|
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security …
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-10908
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.
The discovery of valid use…
New
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2024-0391
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks…
Update
|
CWE-123
Write-what-where Condition
|
CVE-2026-43284
|
2026-05-11 17:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manip…
New
|
CWE-189
CWE-192
Numeric Errors
|
CVE-2026-8276
|
2026-05-11 15:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogo…
New
|
CWE-189
CWE-192
Numeric Errors
|
CVE-2026-8275
|
2026-05-11 15:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory Handler. Such manipulation leads t…
New
|
CWE-22
Path Traversal
|
CVE-2026-8274
|
2026-05-11 14:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
3.3 |
LOW
Local
|
-
|
-
|
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-8257
|
2026-05-11 11:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
4.7 |
MEDIUM
Network
|
oracle
|
macoron
|
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w…
Update
|
CWE-601
CWE-346
Open Redirect
Origin Validation Error
|
CVE-2026-35253
|
2026-05-11 05:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
6.5 |
MEDIUM
Local
|
-
|
-
|
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-45184
|
2026-05-11 03:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery.
This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-5791
|
2026-05-11 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
