|
11
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) a…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43256
|
2026-05-12 03:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb…
New
|
CWE-287
Improper Authentication
|
CVE-2026-8305
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
4.6 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-8233
|
2026-05-12 03:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
7.5 |
HIGH
Network
|
-
|
-
|
XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.
A node name ending in the middle of a multi byte UT…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8177
|
2026-05-12 03:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules.
User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigne…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7814
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.
Multiple endpoints fetched user-owned objects witho…
New
|
CWE-284
Improper Access Control
|
CVE-2026-7813
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
- |
|
-
|
-
|
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7308
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
- |
|
-
|
-
|
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this…
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-7210
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
- |
|
-
|
-
|
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
New
|
-
|
CVE-2026-6815
|
2026-05-12 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
7.3 |
HIGH
Network
|
-
|
-
|
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execut…
New
|
-
|
CVE-2026-6433
|
2026-05-12 03:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
