|
1771
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the cal…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44424
|
2026-05-18 22:35 |
2026-05-14 |
|
1772
|
5.4 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query p…
|
CWE-20, CWE-943, CWE-1333
Improper Input Validation; Improper Neutralization of Special Elements in Data Query Logic; Inefficient Regular Expression Complexity
|
CVE-2026-44425
|
2026-05-18 22:34 |
2026-05-14 |
|
1773
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge
|
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-35429
|
2026-05-18 22:34 |
2026-05-13 |
|
1774
|
5.5 |
MEDIUM
Local
|
microsoft
|
teams
|
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-32185
|
2026-05-18 22:33 |
2026-05-13 |
|
1775
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-40416
|
2026-05-18 22:26 |
2026-05-13 |
|
1776
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa…
|
CWE-475
Undefined Behavior for Input to API
|
CVE-2026-42009
|
2026-05-18 22:16 |
2026-05-18 |
|
1777
|
9.8 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42581
|
2026-05-18 22:14 |
2026-05-14 |
|
1778
|
9.8 |
CRITICAL
Network
|
espressif
|
arduino-esp32
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42854
|
2026-05-18 22:09 |
2026-05-13 |
|
1779
|
8.8 |
HIGH
Network
|
mongodb
|
mongodb
|
An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8053
|
2026-05-18 22:06 |
2026-05-13 |
|
1780
|
7.5 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…
|
CWE-362
Race Condition
|
CVE-2026-42594
|
2026-05-18 22:02 |
2026-05-15 |
|