|
1151
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix incorrect dentry refcount in cachefiles_cull()
The patch mentioned below changed cachefiles_bury_object() to expe…
Update
|
NVD-CWE-Other
|
CVE-2026-43106
|
2026-05-12 02:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1152
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: account XFRMA_IF_ID in aevent size calculation
xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then
build…
Update
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2026-43107
|
2026-05-12 02:30 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1153
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei
It looks element length declared in servreg_loc_pfr_req_ei for…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43108
|
2026-05-12 02:27 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1154
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86: shadow stacks: proper error handling for mmap lock
김영민 reports that shstk_pop_sigframe() doesn't check for errors from
mmap_…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43109
|
2026-05-12 02:25 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1155
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Th…
Update
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2026-44263
|
2026-05-12 02:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1156
|
7.5 |
HIGH
Network
|
prometheus
|
prometheus
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
Update
|
CWE-400
CWE-789
Uncontrolled Resource Consumption
Memory Allocation with Excessive Size Value
|
CVE-2026-42154
|
2026-05-12 02:22 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1157
|
7.5 |
HIGH
Network
|
prometheus
|
prometheus
|
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
Update
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-42151
|
2026-05-12 02:22 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1158
|
6.5 |
MEDIUM
Network
|
github
|
enterprise_server
|
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6736
|
2026-05-12 02:20 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1159
|
9.9 |
CRITICAL
Network
|
mozilla
|
0din_scanner
|
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati…
Update
|
CWE-94
Code Injection
|
CVE-2026-41512
|
2026-05-12 02:20 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1160
|
7.5 |
HIGH
Network
|
github
|
enterprise_server
|
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON p…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7541
|
2026-05-12 02:19 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
