|
91
|
7.1 |
HIGH
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2393
|
2026-05-12 03:16 |
2026-05-12 |
|
|
|
|
|
92
|
- |
|
-
|
-
|
dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-co…
New
|
-
|
CVE-2026-2291
|
2026-05-12 03:16 |
2026-05-12 |
|
|
|
|
|
93
|
8.8 |
HIGH
Network
|
-
|
-
|
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
New
|
CWE-94
Code Injection
|
CVE-2026-29202
|
2026-05-12 03:16 |
2026-05-9 |
|
|
|
|
|
94
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to …
New
|
CWE-757
Algorithm Downgrade
|
CVE-2026-1677
|
2026-05-12 03:16 |
2026-05-11 |
|
|
|
|
|
95
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: cx88: Add missing unmap in snd_cx88_hw_params()
In error path, add cx88_alsa_dma_unmap() to release
resource acquired by c…
Update
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-43257
|
2026-05-12 03:16 |
2026-05-6 |
|
|
|
|
|
96
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
alpha: fix user-space corruption during memory compaction
Alpha systems can suffer sporadic user-space crashes and heap
corruptio…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43258
|
2026-05-12 03:10 |
2026-05-6 |
|
|
|
|
|
97
|
9.6 |
CRITICAL
Network
|
argoproj
|
argo_cd
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo…
New
|
CWE-200, CWE-212
Information Exposure; Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-42880
|
2026-05-12 02:46 |
2026-05-8 |
|
|
|
|
|
98
|
8.8 |
HIGH
Network
|
gitpython_project
|
gitpython
|
GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by …
New
|
CWE-78
OS Command
|
CVE-2026-42215
|
2026-05-12 02:45 |
2026-05-8 |
|
|
|
|
|
99
|
7.8 |
HIGH
Local
|
gitpython_project
|
gitpython
|
GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitP…
New
|
CWE-94
Code Injection
|
CVE-2026-44244
|
2026-05-12 02:44 |
2026-05-8 |
|
|
|
|
|
100
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the
IPv6 s…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43099
|
2026-05-12 02:36 |
2026-05-6 |
|
|
|
|