|
1031
|
- |
|
-
|
-
|
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, a path traversal vulnerability in MinIO's ReadMultiple internode storage-R…
New
|
CWE-22
Path Traversal
|
CVE-2026-42600
|
2026-05-12 07:22 |
2026-05-12 |
|
|
|
|
1032
|
8.2 |
HIGH
Network
|
-
|
-
|
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo…
New
|
CWE-22 CWE-200
Path Traversal Information Exposure
|
CVE-2026-42564
|
2026-05-12 07:22 |
2026-05-12 |
|
|
|
|
1033
|
2.4 |
LOW
Network
|
-
|
-
|
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player hea…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42188
|
2026-05-12 07:22 |
2026-05-12 |
|
|
|
|
1034
|
6.2 |
MEDIUM
Local
|
-
|
-
|
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34961
|
2026-05-12 07:22 |
2026-05-12 |
|
|
|
|
1035
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34960
|
2026-05-12 07:22 |
2026-05-12 |
|
|
|
|
1036
|
6.8 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45025
|
2026-05-12 06:19 |
2026-05-12 |
|
|
|
|
1037
|
- |
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42870
|
2026-05-12 06:19 |
2026-05-12 |
|
|
|
|
1038
|
7.5 |
HIGH
Network
|
postfix
|
postfix
|
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-43964
|
2026-05-12 06:17 |
2026-05-5 |
|
|
|
|
1039
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rnbd-srv: Zero the rsp buffer before using it
Before using the data buffer to send back the response message, zero it
completely.…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43184
|
2026-05-12 05:56 |
2026-05-6 |
|
|
|
|
1040
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: cx25821: Fix a resource leak in cx25821_dev_setup()
Add release_mem_region() if ioremap() fails to release the memory
regi…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43183
|
2026-05-12 05:55 |
2026-05-6 |
|
|
|