|
1811
|
- |
|
-
|
-
|
Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary w…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20879
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
- |
|
-
|
-
|
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user co…
|
CWE-284
Improper Access Control
|
CVE-2026-20887
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
|
CWE-93
CRLF Injection
|
CVE-2026-35504
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
8.2 |
HIGH
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions …
|
CWE-863
Incorrect Authorization
|
CVE-2026-26289
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
|
CWE-863
Incorrect Authorization
|
CVE-2026-33570
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
|
CWE-863
Incorrect Authorization
|
CVE-2026-35555
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
7.8 |
HIGH
Local
|
-
|
-
|
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-8108
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper aut…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31215
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31216
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user …
|
CWE-94
Code Injection
|
CVE-2026-31217
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
