|
941
|
- |
|
-
|
-
|
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-29200
|
2026-05-4 16:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
942
|
- |
|
-
|
-
|
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host …
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-29199
|
2026-05-4 16:15 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
943
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constrai…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-3833
|
2026-05-4 05:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
944
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a lo…
|
CWE-179
Incorrect Behavior Order: Early Validation
|
CVE-2026-3832
|
2026-05-4 05:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
945
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: mana: fix use-after-free in add_adev() error path
If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls
au…
|
-
|
CVE-2026-43056
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
946
|
7.5 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: file: Use kzalloc_flex for aio_cmd
The target_core_file doesn't initialize the aio_cmd->iocb for the
ki_write_strea…
|
-
|
CVE-2026-43055
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
947
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
The wacom_intuos_bt_irq() function processes Bluetooth HID reports
with…
|
-
|
CVE-2026-43051
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
948
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Mitigate potential OOB by removing bogus memset()
The memset() in hid_report_raw_event() has the good intention of
cle…
|
-
|
CVE-2026-43048
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
949
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Check to ensure report responses match the request
It is possible for a malicious (or clumsy) device to respond …
|
-
|
CVE-2026-43047
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
950
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: caam - fix DMA corruption on long hmac keys
When a key longer than block size is supplied, it is copied and then
hashed i…
|
-
|
CVE-2026-43044
|
2026-05-3 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
