|
671
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN fra…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42467
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
7.5 |
HIGH
Network
|
exim
|
exim
|
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in…
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-40684
|
2026-05-2 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers t…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37541
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-37540
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37539
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
- |
|
-
|
-
|
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
|
-
|
CVE-2026-37457
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
- |
|
-
|
-
|
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
|
-
|
CVE-2026-26461
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
9.6 |
CRITICAL
Network
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce…
|
CWE-416
Use After Free
|
CVE-2026-22166
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
- |
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli…
|
-
|
CVE-2025-69606
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
- |
|
-
|
-
|
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
|
-
|
CVE-2025-63548
|
2026-05-2 03:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
