|
1381
|
10.0 |
CRITICAL
Network
|
-
|
-
|
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal att…
Update
|
CWE-22
Path Traversal
|
CVE-2026-7411
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1382
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7376
|
2026-05-7 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1383
|
- |
|
-
|
-
|
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-6788
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1384
|
- |
|
-
|
-
|
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-6787
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1385
|
- |
|
-
|
-
|
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYS…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-41288
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1386
|
- |
|
-
|
-
|
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41286
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1387
|
6.1 |
MEDIUM
Network
|
-
|
-
|
FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-38947
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1388
|
- |
|
-
|
-
|
Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 address…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33975
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1389
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-28780
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1390
|
8.1 |
HIGH
Network
|
redis
|
redis
|
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft…
Update
|
CWE-416
Use After Free
|
CVE-2026-23631
|
2026-05-7 01:14 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
