|
261
|
- |
|
-
|
-
|
CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access
server prior to 14.50. Attackers with control of a modified client can
send a specially crafted message to the server and caus…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-40950
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
- |
|
-
|
-
|
CVE-2026-40951 is a memory corruption vulnerability on Secure Access
Windows clients prior to 14.50. Attackers with local control of the
Windows client can send malformed data to an API and trigger…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40951
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure…
New
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2026-22726
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
7.8 |
HIGH
Local
|
-
|
-
|
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7584
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
Update
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-7324
|
2026-05-2 00:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3340
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al…
New
|
CWE-89
SQL Injection
|
CVE-2026-3346
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d…
New
|
CWE-22
Path Traversal
|
CVE-2026-4502
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4503
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
New
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36180
|
2026-05-2 00:27 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
