|
111
|
- |
|
-
|
-
|
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_sh…
New
|
CWE-94
CWE-502
Code Injection
Deserialization of Untrusted Data
|
CVE-2026-41486
|
2026-05-9 07:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
7.5 |
HIGH
Network
|
-
|
-
|
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
New
|
-
|
CVE-2026-39836
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
5.3 |
MEDIUM
Network
|
-
|
-
|
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize…
New
|
-
|
CVE-2026-39825
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
5.3 |
MEDIUM
Local
|
-
|
-
|
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one…
New
|
-
|
CVE-2026-39819
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
5.9 |
MEDIUM
Local
|
-
|
-
|
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su…
New
|
-
|
CVE-2026-39817
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63704
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix memory leak on failure path
cfg80211_inform_bss_frame() may return NULL on failure. In that case,
the all…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43225
|
2026-05-9 06:22 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
8.1 |
HIGH
Network
|
-
|
-
|
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44400
|
2026-05-9 06:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
hfs: Replace BUG_ON with error handling for CNID count checks
In a06ec283e125 next_id, folder_count, and file_count in the super …
Update
|
CWE-617
Reachable Assertion
|
CVE-2026-43228
|
2026-05-9 06:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix URB leak in pvr2_send_request_ex
When pvr2_send_request_ex() submits a write URB successfully but fails to
su…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43223
|
2026-05-9 06:14 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
