|
1131
|
6.8 |
MEDIUM
Network
|
-
|
-
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates …
New
|
CWE-295
CWE-306
CWE-863
Improper Certificate Validation
Missing Authentication for Critical Function
Incorrect Authorization
|
CVE-2026-42312
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1132
|
8.0 |
HIGH
Network
|
-
|
-
|
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Fi…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41431
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1133
|
- |
|
-
|
-
|
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator …
New
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-41257
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1134
|
5.5 |
MEDIUM
Local
|
-
|
-
|
jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil…
New
|
CWE-158
Improper Neutralization of Null Byte or NUL Character
|
CVE-2026-41256
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1135
|
- |
|
-
|
-
|
jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40612
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1136
|
- |
|
-
|
-
|
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections …
New
|
CWE-502
CWE-918
Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)
|
CVE-2026-3048
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1137
|
7.1 |
HIGH
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2393
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1138
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to …
New
|
CWE-757
Algorithm Downgrade
|
CVE-2026-1677
|
2026-05-12 03:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1139
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: cx88: Add missing unmap in snd_cx88_hw_params()
In error path, add cx88_alsa_dma_unmap() to release
resource acquired by c…
Update
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-43257
|
2026-05-12 03:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1140
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
alpha: fix user-space corruption during memory compaction
Alpha systems can suffer sporadic user-space crashes and heap
corruptio…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43258
|
2026-05-12 03:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
